Solved

What Computer Objects are Taken

Posted on 2004-03-30
7
133 Views
Last Modified: 2010-05-18
The prior administrator created Computer Objects in active directory. Is there a way to check which computer objects have are used and which ones are vacant?
0
Comment
Question by:gbarrientos
7 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10720121
Are you referring to in Active Directory Users and Computers?

Check under the "Computers" tab.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10721181
gbarrientos

diggisaur is correct, but only if the prior administrator left all the objects in the default place - which is not certain and on a large system not very likely.

This is how you find ALL computer accounts everywhere on the domain:

Open up the Active Directory Users and Computers administration tool, right click on the domain and select "Find"

In the Find dialog select Computers from the drop down list and press the find now button.

This will display all computer account objects in the entire domain.

Cheers

JamesDS

0
 
LVL 3

Accepted Solution

by:
infradawn earned 500 total points
ID: 10721826
Hi gbarrientos. Is it that you want to check which AD computer objects have a corresponding machine?

If so, then you can check DNS to see if there's a machine registration for each machine AD object. If there isn't then either the machine's been off-line for a while or it doesn't actually exist!

Also, check out the tool 'password age' which can generate a report of when a machine (or user) last had it's password changed. You can generally assume that if a machine account password hasn't been changed in n days then it's doesn't exist. Tool can be found here:

http://www.systemtools.com/free_frame.htm


iD
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 9

Author Comment

by:gbarrientos
ID: 10724895
Infradawn,
That is exactly what I am looking for; I want to know which computer objects have a corresponding account. Checking DNS will be rather difficult because there is alot of computer accounts. The reason for doing this is that when the domain was originally created computers were joined without proper naming convention, which makes it hard to do any real managment. So looking at the the utility specified above, i received a total of 2011 computers displayed. Now i am looking at number to the right and i am guessing the number is in DAYS (???) what number would you consider safe to delete?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10731154
You get 3 columns: machine name, machine type and password age. The password age is the elapsed time since the password was last changed. By default it's changed every 30 days (W2K). I can't tell you how old a password needs to be before it's safe to delete the AD computer object. It depends, for one thing, on if you've set up a shorter or longer computer account password change period than the default.

I tend to use a figure of 120 days. If someone's left their PC off for 3 months I figure it's not a key piece of kit and, if the phone does ring, I can always recreate the machine account!


iD
0
 
LVL 9

Author Comment

by:gbarrientos
ID: 10734228
Where in AD do you specify how long a computer should renew its password?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10740207
MaximumPasswordAge
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD  1–1,000,000 (days)  30  

Description
Determines how often the system changes the computer account password of the local computer. This entry is used only when the system is configured to change the computer password automatically at regular intervals, that is, when the value of the DisablePasswordChange entry is 0.

Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.


Extract from Microsoft W2K ResKit Reference.

iD
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question