What Computer Objects are Taken

Posted on 2004-03-30
Medium Priority
Last Modified: 2010-05-18
The prior administrator created Computer Objects in active directory. Is there a way to check which computer objects have are used and which ones are vacant?
Question by:gbarrientos
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10720121
Are you referring to in Active Directory Users and Computers?

Check under the "Computers" tab.
LVL 16

Expert Comment

ID: 10721181

diggisaur is correct, but only if the prior administrator left all the objects in the default place - which is not certain and on a large system not very likely.

This is how you find ALL computer accounts everywhere on the domain:

Open up the Active Directory Users and Computers administration tool, right click on the domain and select "Find"

In the Find dialog select Computers from the drop down list and press the find now button.

This will display all computer account objects in the entire domain.




Accepted Solution

infradawn earned 1500 total points
ID: 10721826
Hi gbarrientos. Is it that you want to check which AD computer objects have a corresponding machine?

If so, then you can check DNS to see if there's a machine registration for each machine AD object. If there isn't then either the machine's been off-line for a while or it doesn't actually exist!

Also, check out the tool 'password age' which can generate a report of when a machine (or user) last had it's password changed. You can generally assume that if a machine account password hasn't been changed in n days then it's doesn't exist. Tool can be found here:


Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 10724895
That is exactly what I am looking for; I want to know which computer objects have a corresponding account. Checking DNS will be rather difficult because there is alot of computer accounts. The reason for doing this is that when the domain was originally created computers were joined without proper naming convention, which makes it hard to do any real managment. So looking at the the utility specified above, i received a total of 2011 computers displayed. Now i am looking at number to the right and i am guessing the number is in DAYS (???) what number would you consider safe to delete?

Expert Comment

ID: 10731154
You get 3 columns: machine name, machine type and password age. The password age is the elapsed time since the password was last changed. By default it's changed every 30 days (W2K). I can't tell you how old a password needs to be before it's safe to delete the AD computer object. It depends, for one thing, on if you've set up a shorter or longer computer account password change period than the default.

I tend to use a figure of 120 days. If someone's left their PC off for 3 months I figure it's not a key piece of kit and, if the phone does ring, I can always recreate the machine account!


Author Comment

ID: 10734228
Where in AD do you specify how long a computer should renew its password?

Expert Comment

ID: 10740207

Data type Range Default value
REG_DWORD  1–1,000,000 (days)  30  

Determines how often the system changes the computer account password of the local computer. This entry is used only when the system is configured to change the computer password automatically at regular intervals, that is, when the value of the DisablePasswordChange entry is 0.


Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Extract from Microsoft W2K ResKit Reference.


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Though there are a few manual ways to import PST files to Office 365 , third-party PST to Office 365 import tools are preferred over them due to various reasons.  Consequently, many tools or services are available for the same. Here, we pick the to…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…
Did you know PowerShell can save you time with SaaS platforms? Simply leverage RESTfulAPIs to build your own PowerShell modules. These will kill repetitive tickets and tabs, using the command Invoke-RestMethod. Tune into this webinar to learn how…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question