Solved

What Computer Objects are Taken

Posted on 2004-03-30
7
131 Views
Last Modified: 2010-05-18
The prior administrator created Computer Objects in active directory. Is there a way to check which computer objects have are used and which ones are vacant?
0
Comment
Question by:gbarrientos
7 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10720121
Are you referring to in Active Directory Users and Computers?

Check under the "Computers" tab.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10721181
gbarrientos

diggisaur is correct, but only if the prior administrator left all the objects in the default place - which is not certain and on a large system not very likely.

This is how you find ALL computer accounts everywhere on the domain:

Open up the Active Directory Users and Computers administration tool, right click on the domain and select "Find"

In the Find dialog select Computers from the drop down list and press the find now button.

This will display all computer account objects in the entire domain.

Cheers

JamesDS

0
 
LVL 3

Accepted Solution

by:
infradawn earned 500 total points
ID: 10721826
Hi gbarrientos. Is it that you want to check which AD computer objects have a corresponding machine?

If so, then you can check DNS to see if there's a machine registration for each machine AD object. If there isn't then either the machine's been off-line for a while or it doesn't actually exist!

Also, check out the tool 'password age' which can generate a report of when a machine (or user) last had it's password changed. You can generally assume that if a machine account password hasn't been changed in n days then it's doesn't exist. Tool can be found here:

http://www.systemtools.com/free_frame.htm


iD
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 9

Author Comment

by:gbarrientos
ID: 10724895
Infradawn,
That is exactly what I am looking for; I want to know which computer objects have a corresponding account. Checking DNS will be rather difficult because there is alot of computer accounts. The reason for doing this is that when the domain was originally created computers were joined without proper naming convention, which makes it hard to do any real managment. So looking at the the utility specified above, i received a total of 2011 computers displayed. Now i am looking at number to the right and i am guessing the number is in DAYS (???) what number would you consider safe to delete?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10731154
You get 3 columns: machine name, machine type and password age. The password age is the elapsed time since the password was last changed. By default it's changed every 30 days (W2K). I can't tell you how old a password needs to be before it's safe to delete the AD computer object. It depends, for one thing, on if you've set up a shorter or longer computer account password change period than the default.

I tend to use a figure of 120 days. If someone's left their PC off for 3 months I figure it's not a key piece of kit and, if the phone does ring, I can always recreate the machine account!


iD
0
 
LVL 9

Author Comment

by:gbarrientos
ID: 10734228
Where in AD do you specify how long a computer should renew its password?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10740207
MaximumPasswordAge
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD  1–1,000,000 (days)  30  

Description
Determines how often the system changes the computer account password of the local computer. This entry is used only when the system is configured to change the computer password automatically at regular intervals, that is, when the value of the DisablePasswordChange entry is 0.

Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.


Extract from Microsoft W2K ResKit Reference.

iD
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cursor typing problems 5 25
Windows 2000 Print Server 2 967
no logon server available 8 155
Install Window 2012 Domain on 9 125
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now