Re: Deleting Old computer accounts


From: Jimmy Andersson [MVP] (jimmy_noSpam__at_mvps.org)
Date: 04/16/04


Date: Fri, 16 Apr 2004 14:54:58 +0200

Agreed! :)
It's just that I'm not a big fan of GUI tools (that cost money) that do the
exact same thing you can do with a bit of code/script.... but that's just my
personal 2 cents.

Regards,
/Jimmy

-- 
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:eBUqQwyIEHA.3224@TK2MSFTNGP09.phx.gbl...
> Jimmy,
>
> And a mighty fine job it does.  I promote Joe's 'oldcmp' utility whenever I
> can.  I also looked at the adjanitor tool quickly and it looks nice.  I
> guess, as I wrote in another post, you need to decide if you want the free
> tool from http://www.joeware.net and the command line as the interface or if
> you want to pay the $50.00 at http://www.adjanitor.com and have the nice GUI
> ( as well as having to install .NET Framework 1.1 - which is no problem at
> all ).
>
> Cary
>
> "Jimmy Andersson [MVP]" <jimmy_noSpam_@mvps.org> wrote in message
> news:u6wn0yVIEHA.3248@TK2MSFTNGP12.phx.gbl...
> > You'll also find a non-GUI tool at www.joeware.net which is free and does
> > the job.
> >
> > Regards,
> > /Jimmy
> > -- 
> > Jimmy Andersson, Q Advice AB
> > Microsoft MVP - Directory Services
> > ---------- www.qadvice.com ----------
> >
> >
> > "Staffan" <staols55@hotmail.com> wrote in message
> > news:e279000d.0404020502.5d63a551@posting.google.com...
> > > Hi Mehrab!
> > >
> > > Check out the tool Active Directory Janitor. I believe you can
> > > download a trial version directly from their site (www.adjanitor.com
> > > if I recall it correctly).
> > >
> > > I've used it myself. The trial version has some limitations but it
> > > will show you the number of obsolete computer accounts in your AD.
> > > Personally I've purchased the unlimited version and believe me, it was
> > > 50 bucks well spent!
> > >
> > > Regards Kemal Frank
> > >
> > >
> > > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > > news:<OsVoEC0DEHA.1128@TK2MSFTNGP11.phx.gbl>...
> > > > I might suggest that you take a look at http://www.joeware.net as he has a
> > > > very nice tool there - called oldcmp.  It is in the free C++ tools section.
> > > > It will allow you to first create a report - if you wish - so that you can
> > > > see how many computer account objects that you have that are xxx days old
> > > > ( as Johan so aptly explained ).  You can set the 'xxx' part - it defaults
> > > > to 90 days - with the "/age xxx days" switch.  You can then go in and
> > > > disable the computer account objects that meet your requirements.  Only
> > > > after you have first disabled the computer account objects in question can
> > > > you then delete them.
> > > >
> > > > HTH,
> > > >
> > > > Cary
> > > >
> > > >
> > > >
> > > > "Johan Arwidmark" <johan.please_respond_to_forum.arwidmark@lutteman.se>
> > > > wrote in message news:irpq50p46pq8isgq2ueve9dke6fukmj20p@4ax.com...
> > > > > Well, the computer object is automatically updated with information
> > > > > from the netlogon service during secure channel setup.
> > > > >
> > > > > You can find unused or inactive computer accounts by searching for
> > > > > certain computer object attributes with LDAP searches.
> > > > >
> > > > > Computer objects that have never been used do not have the
> > > > > operatingSystem, OperatingSystemServicePack and operatingSystemVersion
> > > > > attributes set.
> > > > >
> > > > > If the whenChanged attribute is more than a month old, the computer
> > > > > probably is not active on a network making periodic password changes.
> > > > > You can also check the lastLogon attribute. (the whenChanged and
> > > > > lastLogon attributes are non-replicated attributes, which means you have
> > > > > to examine them on all domain controllers)
> > > > >
> > > > > To search you can use a tool like ldp (from support tools)
> > > > >
> > > > > However, I do recommend using a script for this...there are many good
> > > > > example scripts for this on the net....
> > > > >
> > > > > regards
> > > > > Johan Arwidmark
> > > > >
> > > > > Windows User Group - Nordic
> > > > > http://www.wug-nordic.net
> > > > >
> > > > >
> > > > > On Sat, 20 Mar 2004 21:11:40 -0800, "Mehrab"
> > > > > <anonymous@discussions.microsoft.com> wrote:
> > > > >
> > > > > >Hi,
> > > > > >
> > > > > >I need to delete a few hundreds of old computer accounts
> > > > > >from  Active Directory on Windows 2000, SP4.
> > > > > >
> > > > > >I don't want to perform this by scripting. I'm looking
> > > > > >for an LDAP query on Active Directory to find these old
> > > > > >computer accounts. Any help is much appreciated.
> > > > > >
> > > > > >Thanks
> > > > > >Mehrab
> > > > >
> >
> >
>
>
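
Added example, not part of the original thread and not how oldcmp or Active Directory Janitor work internally: the LDAP filters for the two cases discussed above, plus a report-only pass that merges the non-replicated whenChanged and lastLogon values read from every domain controller before calling a computer account stale. The DC names, computer names and records are constructed sample data, whenChanged is assumed to be already parsed into a datetime, and the 90-day default mirrors the oldcmp default mentioned in the thread.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=UTC)

def to_filetime(dt):
    """datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC), the lastLogon format."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    """FILETIME -> datetime; 0 means no logon was recorded on that DC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None

def ldap_filters(cutoff):
    """Filters for the two cases in the thread; whenChanged is GeneralizedTime."""
    stamp = cutoff.strftime("%Y%m%d%H%M%S.0Z")
    return {
        "never_used": "(&(objectCategory=computer)(!(operatingSystem=*)))",
        "stale": f"(&(objectCategory=computer)(whenChanged<={stamp}))",
    }

def classify(per_dc, now, age_days=90):
    """Keep each computer's newest timestamp seen on any DC, then label it."""
    cutoff = now - timedelta(days=age_days)
    newest, has_os = {}, {}
    for records in per_dc.values():
        for r in records:
            cn = r["cn"]
            seen = [r["whenChanged"], from_filetime(r.get("lastLogon", 0))]
            newest[cn] = max([newest.get(cn, EPOCH_1601)] + [t for t in seen if t])
            has_os[cn] = has_os.get(cn, False) or "operatingSystem" in r
    return {cn: "never_used" if not has_os[cn] else "stale" if ts <= cutoff else "active"
            for cn, ts in newest.items()}

# Constructed sample: the same three computer objects as read from two DCs.
NOW = datetime(2004, 4, 16, tzinfo=UTC)
OLD, RECENT = datetime(2003, 11, 1, tzinfo=UTC), datetime(2004, 4, 10, tzinfo=UTC)
W2K = "Windows 2000 Professional"
SAMPLE = {
    "DC1": [{"cn": "WS01", "operatingSystem": W2K, "whenChanged": OLD, "lastLogon": to_filetime(OLD)},
            {"cn": "WS02", "operatingSystem": W2K, "whenChanged": OLD, "lastLogon": 0},
            {"cn": "WS03", "whenChanged": OLD}],
    # WS01 authenticated against DC2 only, so DC1 alone would report it as stale.
    "DC2": [{"cn": "WS01", "operatingSystem": W2K, "whenChanged": OLD, "lastLogon": to_filetime(RECENT)},
            {"cn": "WS02", "operatingSystem": W2K, "whenChanged": OLD, "lastLogon": to_filetime(OLD)},
            {"cn": "WS03", "whenChanged": OLD}],
}

print(classify(SAMPLE, NOW))  # report only: review, disable, and only then delete
```

The output is a report; as described in the thread, the accounts it flags are disabled first and deleted only afterwards.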
