Start Free Trial
Come for the solution, stay for everything else.
Start Free Trial
What Computer Objects are Taken
The prior administrator created Computer Objects in active directory. Is there a way to check which computer objects have are used and which ones are vacant?
8/22/2022 - Mon
Are you referring to in Active Directory Users and Computers?
Check under the "Computers" tab.
diggisaur is correct, but only if the prior administrator left all the objects in the default place - which is not certain and on a large system not very likely.
This is how you find ALL computer accounts everywhere on the domain:
Open up the Active Directory Users and Computers administration tool, right click on the domain and select "Find"
In the Find dialog select Computers from the drop down list and press the find now button.
This will display all computer account objects in the entire domain.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today
7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
That is exactly what I am looking for; I want to know which computer objects have a corresponding account. Checking DNS will be rather difficult because there is alot of computer accounts. The reason for doing this is that when the domain was originally created computers were joined without proper naming convention, which makes it hard to do any real managment. So looking at the the utility specified above, i received a total of 2011 computers displayed. Now i am looking at number to the right and i am guessing the number is in DAYS (???) what number would you consider safe to delete?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
You get 3 columns: machine name, machine type and password age. The password age is the elapsed time since the password was last changed. By default it's changed every 30 days (W2K). I can't tell you how old a password needs to be before it's safe to delete the AD computer object. It depends, for one thing, on if you've set up a shorter or longer computer account password change period than the default.
I tend to use a figure of 120 days. If someone's left their PC off for 3 months I figure it's not a key piece of kit and, if the phone does ring, I can always recreate the machine account!
Where in AD do you specify how long a computer should renew its password?
Data type Range Default value
REG_DWORD 1–1,000,000 (days) 30
Determines how often the system changes the computer account password of the local computer. This entry is used only when the system is configured to change the computer password automatically at regular intervals, that is, when the value of the DisablePasswordChange entry is 0.
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
Extract from Microsoft W2K ResKit Reference.
to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Plans and Pricing
Certified Expert Program
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent