Re: If a computer is not used for more than 3 months auto disable
- From: "Gonzo" <no@xxxxxxxxx>
- Date: Tue, 26 Jun 2007 10:03:40 +0100
I have disabled PC's over 180 days all seems fine accept one users PC today could not log on. It was in the old computer list over 180 days so it was disabled. He was using it fine yesterday so it has been on the domain.
"Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx> wrote in message news:uAS3VpPtHHA.4612@xxxxxxxxxxxxxxxxxxxxxxx
Yes look at -unsafe and -safety.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Gonzo" <no@xxxxxxxxx> wrote in message news:%23bkAunBtHHA.1060@xxxxxxxxxxxxxxxxxxxxxxx
Just ran OldCmp.exe -b -age 365 -disable -forreal and 286 were skipped, is this a setting?
Total Updates : 308
Updates Ok : 10
Updates Error : 0
Updates Skipped : 12
Updates Safety Skipped: 286
Command completed successfully
"Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx> wrote in message news:OaFTC46sHHA.3364@xxxxxxxxxxxxxxxxxxxxxxxComputers also have passwords. If you look at the schema hierarchy for a computer object you'll see it's actually a special type of user.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Gonzo" <no@xxxxxxxxx> wrote in message news:F12D8173-E993-46DC-87C0-42B07AE6439F@xxxxxxxxxxxxxxxxApologies for my lack of knowledge here, but aren't the passwords set on the usernames and not the computer?
"Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx> wrote in message news:OgVTI5rsHHA.1416@xxxxxxxxxxxxxxxxxxxxxxxHi-
If you are running in Windows 2003 domain functional level and you take on the -llts switch, then it will be based on lastLogonTimeStamp. Otherwise it's password last set (which by default is changed by PCs every 30 days). Note that last logon time stamp is only accurate to within 10 days.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Gonzo" <no@xxxxxx> wrote in message news:C42414CB-831F-4B31-93AF-96A906E69A46@xxxxxxxxxxxxxxxxGreat I just ran oldcmp -b "ou=stuff,dc=mydomain,dc=com" -age 500 -report and there are about 100 PC's. Is it the "lastlogontimestamp" the column it's using and is this the last time the computer logged onto the domain?
"Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx> wrote in message news:ulaAgpgsHHA.4764@xxxxxxxxxxxxxxxxxxxxxxxNo. The modified date is when the object was last touched on that particular domain controller.
With joe's tool you'd do something like
oldcmp -b "ou=stuff,dc=mydomain,dc=com" -age 90 -report
you can toggle it to do a CSVor to automatically move stuff around if you're comfortable with the results.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Gonzo" <no@xxxxxxxx> wrote in message news:eduGHndsHHA.508@xxxxxxxxxxxxxxxxxxxxxxxWhat is the modified date in ADUC? Is this when a computer last authenticated.
With Joe's tool how can I display computers that haven't logged onto the domain for 90 days?
"Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxxx> wrote in message news:20240C32-88B2-4A1D-890C-BE35B267A4C6@xxxxxxxxxxxxxxxxJoe's tool will allow you to set a range of the last time the machine has
authenticated. So say you want to purge all machines over 180 days, it will
then list all the machines 180 days or older.
--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com/
"Gonzo" wrote:
Thanks, what column tells me when the PC was last used then?
"Tomasz Onyszko" <T.onyszko_nospam_@xxxxxx> wrote in message
news:%23Rw8$lYsHHA.4636@xxxxxxxxxxxxxxxxxxxxxxx
> Gonzo wrote:
>> We have 100's of computer accounts in AD and I woudl say 50% >> are
>> computers that no longer exist. Obviously I need to some how >> double
>> check that they no longer exist. I was wondering what other
>> administrators do about this? If a computer account has not >> been used can
>> it be auto disabled/removed?
>
> use OldCmp tool from joe to verify computer accounts:
> http://www.joeware.net/freetools/tools/oldcmp/index.htm
>
> -- > Tomasz Onyszko
> http://www.w2k.pl/ - (PL)
> http://blogs.dirteam.com/blogs/tomek/ - (EN)
.
- Follow-Ups:
- Re: If a computer is not used for more than 3 months auto disable
- From: Brian Desmond [MVP]
- Re: If a computer is not used for more than 3 months auto disable
- References:
- If a computer is not used for more than 3 months auto disable it?
- From: Gonzo
- Re: If a computer is not used for more than 3 months auto disable it?
- From: Tomasz Onyszko
- Re: If a computer is not used for more than 3 months auto disable
- From: Gonzo
- Re: If a computer is not used for more than 3 months auto disable
- From: Brian Desmond [MVP]
- Re: If a computer is not used for more than 3 months auto disable
- From: Gonzo
- Re: If a computer is not used for more than 3 months auto disable
- From: Brian Desmond [MVP]
- Re: If a computer is not used for more than 3 months auto disable
- From: Gonzo
- Re: If a computer is not used for more than 3 months auto disable
- From: Brian Desmond [MVP]
- Re: If a computer is not used for more than 3 months auto disable
- From: Gonzo
- Re: If a computer is not used for more than 3 months auto disable
- From: Brian Desmond [MVP]
- If a computer is not used for more than 3 months auto disable it?
- Prev by Date: Decommissioning Win2000 DC
- Next by Date: Re: Redirect computers to a specific OU by IP Address
- Previous by thread: Re: If a computer is not used for more than 3 months auto disable
- Next by thread: Re: If a computer is not used for more than 3 months auto disable
- Index(es):
Relevant Pages
|
