Question

  Asked: Jun 14 2007   8:57 AM GMT
  Asked by: marcola


Retired computer accounts in Active Directory


Hardware, OS, Servers, SQL Server, Security, Desktops, Management, Microsoft Windows, Active Directory, Lotus Domino, General Directories, Programming Languages, ASP, ASP.NET, JavaScript, Perl, VB.NET, VBScript, Visual Basic, XML, DataCenter, Desktop management applications, Altiris, Intel, LANDesk, Microsoft Systems Management Server, Tech support

I need a dependable script!!!

After several domain migrations and adding a few new sites over the past two years I have found that there are hundreds of computer accounts in Active Directory. We are a global company so tracking computer names is impossible.

Because we use several management applications (WSUS, SMS, etc.) that rely on the information that is in AD it is imperative that I find all computer accounts that have not been active for a set amount of time.

I have been struggling to confidently retrieve information from Active Directory using VB, VBScript, Perl and ADSI. I have also used SMS Reporting but I would find that information returned from all methods to be incorrect.

I need a script that will hit AD and return a list of stale machines that have not been connected to AD or our LAN/WAN for a specified amount of time.

ALSO!!! Does anyone know how to query the network for all Windows-based machines that are waiting for a reboot due to Windows Updates???

Any help would be greatly appreciated.
Thanks in advance!


Answer Wiki

We solve the problem of "what computers don't exist" by looking at SMS, AD, and McAfee EPO.

We look at the time of last machine account password set in AD, time of last SMS heartbeat, and time the machine last did an EPO Agent update. It's an SMS Report that queries AD and EPO tables replicated to SMS, so posting it won't do you much good.

As far as the WindowsUpdate reboot - I think the only way to do that would be to have SMS HW Inventory collect the PendingFileRename key in the registry - most reboots would be setting that. If your updates came from SMS, you could also script a query to look at v_ClientAdvertisementStatus.LastStateName for all advertisements of interest and see if they are waiting for reboot. I don't know if SUS would also have something similar. For all I know, maybe it has something built in to simply show you what systems want reboots.
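The three-source cross-check described in this answer, as an added example (not the poster's SMS report, and not code from the original page). It assumes the AD `pwdLastSet` values, SMS heartbeat times and EPO agent update times have already been exported into dictionaries keyed by computer name; the machine names, the sample data and the 90-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """AD stores pwdLastSet as 100 ns ticks since 1601-01-01 UTC; 0 = never set."""
    ticks = int(value or 0)
    if ticks <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample export."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def norm(name):
    """Computer sAMAccountName ends in '$'; names compare case-insensitively."""
    return name.rstrip("$").upper()

def find_stale(ad_pwd_last_set, sms_heartbeat, epo_update, now, max_age_days=90):
    """Return [(name, newest_sign_of_life)] for AD computers idle in every source.

    Domain members change their machine password every 30 days by default,
    so the threshold (an assumption here) must be comfortably above that.
    """
    cutoff = now - timedelta(days=max_age_days)
    sms = {norm(k): v for k, v in sms_heartbeat.items()}
    epo = {norm(k): v for k, v in epo_update.items()}
    stale = []
    for account, raw in ad_pwd_last_set.items():
        name = norm(account)
        seen = [t for t in (filetime_to_dt(raw), sms.get(name), epo.get(name))
                if t is not None]
        newest = max(seen) if seen else None
        if newest is None or newest < cutoff:
            stale.append((name, newest))
    return sorted(stale, key=lambda item: item[0])

# Constructed sample data (hypothetical machine names), dated to the question.
NOW = datetime(2007, 6, 14, tzinfo=timezone.utc)
AD = {"NYC-WS001$": dt_to_filetime(NOW - timedelta(days=12)),
      "LON-WS042$": dt_to_filetime(NOW - timedelta(days=200)),  # old password, live in SMS
      "TOK-WS007$": dt_to_filetime(NOW - timedelta(days=400)),  # idle in all three
      "SAO-WS013$": 0}                                          # pre-staged, never joined
SMS = {"nyc-ws001": NOW - timedelta(days=3), "lon-ws042": NOW - timedelta(days=5),
       "tok-ws007": NOW - timedelta(days=380)}
EPO = {"NYC-WS001": NOW - timedelta(days=1), "TOK-WS007": NOW - timedelta(days=395)}

if __name__ == "__main__":
    for name, newest in find_stale(AD, SMS, EPO, NOW):
        print(name, newest.date() if newest else "never seen")
```

An account is reported only when none of the three sources shows activity inside the window, which is why LON-WS042 is kept despite its old password date.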


Discuss This Answer



Buddyfarr  |   Sep 26 2007  2:41PM GMT

Please check out User Management Resource Administrator by Advanced Toolware.

http://advancedtoolware.com/

I use it to create, delete, backup accounts. I also have a script that shows all user accounts that are locked out and why.

I don’t have a script to do exactly what you are asking but I am sure that their techs can create one for you. They helped me create a script to access our Exchange server and backup an entire mailbox to .pst for users that leave the organization. I use it along with backing up their personal files and then deleting the account. It has a multitude of uses that I haven’t even scratched into yet.