Re: Disable/Delete unused workstations

From: Risto Loponen (Ristolopo_at_aol.com)
Date: 04/13/04


Date: Tue, 13 Apr 2004 17:25:31 +0200

Hi Corrado!

This script seems to do the trick just fine. However, I've found
out that you need to continuously monitor your Active Directory for the
unused workstations, and the right tool for the job is The incredible Active
Directory Janitor. You might think that I'll get a small marketing fee for
saying this, but I can really recommend this product to anyone in the same
situation (for FREE ;) )...

Happy hunting!

/ Risto

-------------------------------------------------------------
"Buz [MSFT]" <buzb@online.microsoft.com> wrote in message
Here is a way:

How to remove inactive machine accounts
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Problem Description ***

This script will remove inactive machine accounts in Active Directory
programmatically via ADSI.

It reads from an input file ( DCList.txt ) in which you manually insert the
names of your domain controllers so that their accounts will not be deleted.
It then removes all machine accounts that have not changed their password in
the last 90 days, then writes the results to an output file
( InactivePCs.txt ).

The line 'Call objDomain.Delete("Computer", objComp.Name) has been commented
out so that you may test the script first without actually deleting accounts.

Take the following steps to use the script.

  1. Create the DCList.txt and InactivePCs.txt files in C:\Temp ( create this
     folder if it does not exist ) on the PDC Emulator for the domain.
  2. Populate the DCList.txt file with the names of the domain controllers.
  3. Rename the strDomain variable from "MyDomain" to the name of the domain.
  4. Possibly edit the IntAccountAge variable to reflect that of how long you
     would like the maximum time that a computer account password has NOT
     changed.
  5. Rename the following script to .vbs and run on the PDC Emulator.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*** Resolution ***

Const ForReading = 1
Const ForWriting = 2
Dim objFSO, objCompFile, objDCFile, objDomain, objComp, objNTComp
Dim strCompFile, strDCFile
Dim strDomain, strDCList
Dim intSecInADay, intAccountAge

strCompFile = "C:\Temp\InactivePCs.txt"
strDCFile = "C:\Temp\DCList.txt"
strDomain = "MyDomain"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCompFile = objFSO.OpenTextFile(strCompFile, ForWriting, TRUE)
Set objDCFile = objFSO.OpenTextFile(strDCFile, ForReading)
' Bind to the domain through the WinNT provider and enumerate computer objects only
Set objDomain = GetObject("WinNT://" & strDomain)
objDomain.Filter = Array("Computer")
' Names listed in DCList.txt are never deleted
strDCList = objDCFile.ReadAll()
intSecInADay = 60 * 60 * 24
intAccountAge = 90   ' maximum password age, in days

For Each objComp In objDomain
    ' The machine account is the computer name with a trailing "$"
    Set objNTComp = GetObject("WinNT://" & strDomain & "/" & objComp.Name & "$")
    ' PasswordAge is reported in seconds
    If (objNTComp.PasswordAge > intSecInADay * intAccountAge) Then
        ' Substring match: any name contained anywhere in DCList.txt is skipped
        If InStr(1, strDCList, objComp.Name, vbTextCompare) = 0 Then
             'Call objDomain.Delete("Computer", objComp.Name)
             objCompFile.Writeline objNTComp.Name & "-- computer account has been deleted"
        End If
    End If
Next

objDCFile.Close
objCompFile.Close

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
"Corrado" <me@noserver.com> wrote in message
news:uSOvamfzDHA.2308@TK2MSFTNGP11.phx.gbl...
> Hi to all,
> is there a way to automatically disable or delete workstations not used in
> the W2000 domain?
>
> In fact we have many workstations not used anymore, but I cannot find a way
> to understand if they are still in use or not.
> I cannot simply ping the workstation, maybe the user is not in office but he
> will be...
>
> Thanks for any help.
>
> bye
> Corrado
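
Added example (not part of the original thread and not Buz's script): the same password-age selection written in PowerShell, assuming the ActiveDirectory module is available, which the thread does not assume. It matches DCList.txt names exactly instead of by substring, also skips members of the Domain Controllers group, and disables with -WhatIf instead of deleting; the function name and the CSV path are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is installed.
# The 90-day threshold and DCList.txt path mirror the VBScript in this thread;
# Get-StaleComputerAccount and InactivePCs.csv are hypothetical names.
Import-Module ActiveDirectory

function Get-StaleComputerAccount {
    [CmdletBinding()]
    param(
        [int]$MaxPasswordAgeDays = 90,
        [string]$DCListPath = 'C:\Temp\DCList.txt'
    )

    $cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)

    # One protected name per line; blank lines and surrounding spaces are ignored.
    $protected = @(Get-Content -Path $DCListPath |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    Get-ADComputer -Filter * -Properties PasswordLastSet, PrimaryGroupID |
        Where-Object {
            # Accounts whose password was never set have no PasswordLastSet;
            # they are left out here and should be reviewed by hand.
            $_.PasswordLastSet -and
            $_.PasswordLastSet -lt $cutoff -and
            # Primary group 516 is Domain Controllers: skip even if not listed.
            $_.PrimaryGroupID -ne 516 -and
            # -notcontains is an exact, case-insensitive comparison.
            $protected -notcontains $_.Name
        }
}

$stale = Get-StaleComputerAccount

# Keep a record of what was selected and why.
$stale | Select-Object Name, PasswordLastSet, DistinguishedName |
    Export-Csv -Path 'C:\Temp\InactivePCs.csv' -NoTypeInformation

# Report only: -WhatIf lists the accounts that would be disabled and changes nothing.
# Remove -WhatIf after reviewing the CSV. Disabling, unlike deleting, can be reverted.
$stale | Disable-ADAccount -WhatIf
```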


