We solve the problem of “what computers dont exist” by looking at SMS, AD, and McAfee EPO.
We look at the time of last machine account password set in AD, time of last SMS heartbeat, and time the machine last did a EPO Agent update. It’s a SMS Report that queries AD and EPO tables replicated to SMS so posting it wont do you much good.
As far as the WindowsUpdate reboot – I think the only way to do that would be do have SMS HW Invetory collect the PendingFileRename key in the registry – most reboots would be setting that. If your updates came from SMS, you could also script a query to look at v_ClientAdvertisemntStatus.LastStateName for all advertisements of interest and see if they are waiting for reboot. I dont know if SUS would also have something similar. For all I know, maybe it has something built in to simply show you what systems want reboots.
Know it’s an old post, but below could be useful.
I use a FREE tool called “OldCmp” that provides reporting / disabling / deleting from Active Directory, so that our SMS/SCCM AD Discovery only finds current systems. It’s the easiest, cheapest, quickest solution I’ve found over many years for this sort of thing.
Then I also use a script to creates spreadsheets to show me the gaps (AD -> SMS, SMS -> AD).
‘Compare_AD_SMS.vbs from http://www.myitforum.com/forums/m_137852/printable.htm
(this script works on SCCM also)
Re the reboot required question… there is another registry key to check. If it exists, system needs a reboot.
There’s a great script at http://myitforum.com/cs2/files/folders/vbscripts/entry118566.aspx