Solved

What Computer Objects are Taken

Posted on 2004-03-30
7
136 Views
Last Modified: 2010-05-18
The prior administrator created Computer Objects in active directory. Is there a way to check which computer objects have are used and which ones are vacant?
0
Comment
Question by:gbarrientos
7 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10720121
Are you referring to in Active Directory Users and Computers?

Check under the "Computers" tab.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10721181
gbarrientos

diggisaur is correct, but only if the prior administrator left all the objects in the default place - which is not certain and on a large system not very likely.

This is how you find ALL computer accounts everywhere on the domain:

Open up the Active Directory Users and Computers administration tool, right click on the domain and select "Find"

In the Find dialog select Computers from the drop down list and press the find now button.

This will display all computer account objects in the entire domain.

Cheers

JamesDS

0
 
LVL 3

Accepted Solution

by:
infradawn earned 500 total points
ID: 10721826
Hi gbarrientos. Is it that you want to check which AD computer objects have a corresponding machine?

If so, then you can check DNS to see if there's a machine registration for each machine AD object. If there isn't then either the machine's been off-line for a while or it doesn't actually exist!

Also, check out the tool 'password age' which can generate a report of when a machine (or user) last had it's password changed. You can generally assume that if a machine account password hasn't been changed in n days then it's doesn't exist. Tool can be found here:

http://www.systemtools.com/free_frame.htm


iD
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 9

Author Comment

by:gbarrientos
ID: 10724895
Infradawn,
That is exactly what I am looking for; I want to know which computer objects have a corresponding account. Checking DNS will be rather difficult because there is alot of computer accounts. The reason for doing this is that when the domain was originally created computers were joined without proper naming convention, which makes it hard to do any real managment. So looking at the the utility specified above, i received a total of 2011 computers displayed. Now i am looking at number to the right and i am guessing the number is in DAYS (???) what number would you consider safe to delete?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10731154
You get 3 columns: machine name, machine type and password age. The password age is the elapsed time since the password was last changed. By default it's changed every 30 days (W2K). I can't tell you how old a password needs to be before it's safe to delete the AD computer object. It depends, for one thing, on if you've set up a shorter or longer computer account password change period than the default.

I tend to use a figure of 120 days. If someone's left their PC off for 3 months I figure it's not a key piece of kit and, if the phone does ring, I can always recreate the machine account!


iD
0
 
LVL 9

Author Comment

by:gbarrientos
ID: 10734228
Where in AD do you specify how long a computer should renew its password?
0
 
LVL 3

Expert Comment

by:infradawn
ID: 10740207
MaximumPasswordAge
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Data type Range Default value
REG_DWORD  1–1,000,000 (days)  30  

Description
Determines how often the system changes the computer account password of the local computer. This entry is used only when the system is configured to change the computer password automatically at regular intervals, that is, when the value of the DisablePasswordChange entry is 0.

Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.


Extract from Microsoft W2K ResKit Reference.

iD
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
no desktop when login to windows server 2000 7 340
Migrate Windows NT to Windows 2003 2 523
How to Test Com Ports on NT 4.0 Workstation 2 282
Screen Mirroring 7 88
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Building a cohesive image for your brand is vital to making an impression on consumers. When the economy is tough, brands do better than unbranded  products. This can have a huge impact on your long-term profits, as the economy goes up and down.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question