Solved

Domain migration - computer account issue after using ADMT

Posted on 2004-10-01
Last Modified: 2010-04-19
I am an OU administrator for my organization.  We recently used ADMT (Active Directory Migration Tool) to move all of our computers from an old (and busted) Windows 2000 AD to a new Windows 2003 AD.  I have full control of my OU and group policy privileges.  All my stuff is in my own OU or subcontainers.

When we ran the ADMT tool against the list of computers in the old domain, many of those computers no longer existed.  This caused lots of problems running ADMT as it would time out on computers it could not contact.  It also created computer accounts in the new domain for these computers even though it was never able to successfully contact them.

So now I have all my computers in the new domain, but I've also got these extra computer names.  I do not know whether our domain admin has any kind of policy in place to expire computer accounts that have never "phoned home", and I can't wait for that to kick in anyway.

Does anyone know how I can go through my OU and find computer accounts that have never contacted the DC so I can delete them and make my list accurate?  
Question by:mslunecka

Accepted Solution

by:
PKundtz earned 2000 total points
ID: 12206506
Here are three options to generate a list of active computers.  You can use this list to remove inactive computer accounts:

You can compare AD computer accounts with DHCP if you use DHCP to assign IP addresses to your computers.

You can also look at your DNS for a list of computers that were once active.

Run ping & SNTP sweep across your network for a week or two.  Look@LAN is a good freeware program (http://www.lookatlan.com/download/LALSetup.exe).  This identifies computer names and IP addresses that are active and keeps a record of active hosts.  You can cross-check this list with the computers in AD and remove the inactive computers.


Author Comment

by:mslunecka
ID: 12208315
Good suggestions.  I had been looking for an AD specific solution, but I think comparing against the DHCP logs will probably be the best bet.  We have a fairly new DHCP/DNS management system that we built and it should be able to do that.  I won't be able to test it out until Monday though.  I'll leave the question open for now and distribute points Monday when I've had a chance to test it out.

I had considered running a LANguard scan of my network, but the problem is that I would get so many computer names back (I only administer one piece of our network) it would take too much effort to sift through them, and I need a more immediate answer than that would provide.  Some of the computers in my list just don't get turned on very often.

If anyone else knows of a way to check the AD for computers that have contacted the DC recently I'd be interested in that as well.

Author Comment

by:mslunecka
ID: 12218788
Thanks for your help! I never actually had a chance to test your solution, though I've no doubt it would have worked (we keep good DHCP records and comparing a list of our computers against leases for the last 3 months wouldn't have been very difficult).

On our domains the computer account password changes monthly.  The accounts don't really expire, but we were able to check for accounts with expired passwords and eliminate them that way.  I'm not sure how our domain admin generated the list, but it showed up in my inbox this morning and I got what I needed.
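
An AD-side version of the check described in the last comment (machine-account passwords that were never rotated), combined with a never-logged-on test, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available; the OU path, thresholds and output file name are hypothetical.

```powershell
# Added example: read-only report of computer accounts in one OU that
# look abandoned. Nothing is disabled or deleted by this script.
Import-Module ActiveDirectory

# Hypothetical values: substitute your own OU and thresholds.
$SearchBase    = 'OU=MyDept,DC=example,DC=com'
$MaxPwdAgeDays = 90    # margin over the monthly machine-password change
$GraceDays     = 14    # skip accounts created too recently to judge
$OutFile       = '.\stale-computers.csv'

$now   = Get-Date
$props = 'PasswordLastSet', 'LastLogonDate', 'whenCreated', 'Enabled'

# @() keeps $stale an array even when nothing matches, so the
# Export-Csv call below does not fail on a null pipeline input.
$stale = @(
    Get-ADComputer -Filter * -SearchBase $SearchBase -SearchScope Subtree -Properties $props |
    ForEach-Object {
        $reasons = @()

        # LastLogonDate is derived from lastLogonTimestamp, which is only
        # maintained at Windows Server 2003 domain functional level or
        # higher and replicates with a lag of up to about two weeks.
        $accountAge = ($now - $_.whenCreated).Days
        if (-not $_.LastLogonDate -and $accountAge -gt $GraceDays) {
            $reasons += 'NeverLoggedOn'
        }

        # A joined, working machine rotates its own password; an account
        # pre-created by a migration and never joined keeps the original.
        if ($_.PasswordLastSet -and ($now - $_.PasswordLastSet).Days -gt $MaxPwdAgeDays) {
            $reasons += 'StalePassword'
        }

        if ($reasons) {
            [pscustomobject]@{
                Name              = $_.Name
                Created           = $_.whenCreated
                PasswordLastSet   = $_.PasswordLastSet
                LastLogonDate     = $_.LastLogonDate
                Enabled           = $_.Enabled
                Reasons           = $reasons -join ';'
                DistinguishedName = $_.DistinguishedName
            }
        }
    }
)

$stale | Sort-Object Reasons, Name | Export-Csv -Path $OutFile -NoTypeInformation
$stale | Format-Table Name, PasswordLastSet, LastLogonDate, Reasons -AutoSize
```

Machines that are rarely powered on can appear under StalePassword, so cross-check the report against DHCP leases as suggested above and disable accounts for a period before deleting them.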