?
Solved

Need a free utility or script to find old computers in AD

Posted on 2004-11-04
9
Medium Priority
?
163 Views
Last Modified: 2010-04-13
I need a free utility or script that will find old computers that are still listed in AD.  I have a ton that are not used, but don't want to sit and ping each machine to see if it is online.  Thanks
0
Comment
Question by:kgbsd
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 11

Assisted Solution

by:elbereth21
elbereth21 earned 375 total points
ID: 12494416
According to this article http://www.winnetmag.com/WindowsScripting/Articles/ArticleID/16292/pg/2/2.html
you can identify unused machines by last logon time
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12494425

I don't if it's good enough for general release, but I wrote something to do it. Unfortunately it requires you to feed it a list of computers (export from AD) so it has something to test. I haven't had time to try and make that kind of functionality automatic.

To run it you need Perl from www.activestate.com, and Net::DNS module (which doesn't ship with Active State's version). Provided you have access through the filewall you can use Perl Package Manager to get it, type ppm at the command prompt then (I think):

search net::dns
install net::dns

Beyond that, run it from the command prompt with perl ComputerScanner.pl

The rest of this message contains the code needed to run it (which should be copied to a text file ComputerScanner.pl), the comments that top show exactly what the script does:

#!/usr/bin/perl

# Computer Scanner Version 3.1.0
#
# Author: Chris Dent
# Last Modified: 29/09/2004
#
# Description:
#
# This is a basic network scanner. It does the following:
# 1. Reads in a list of Computer Names (tab delimited export from AD will do)
# 2. Pings each Computer Name to find out if its running
# 3. Runs a DNS Lookup on all running Computers to pull out the IP Address
# 4. Attempts to connect to the WMI and gather the UserName, Operating System
# and Computer Name
# 5. Checks for some common services (Web, Mail, FTP, etc)
# 6. Dumps it all out to a ; delimited text file called hosts.txt which can be
# imported into Excel
#
# NOTE: The DNS Resolver Module used in this script can only use DNS Server
# addresses assigned by DHCP (Updated Module (0.48) is untested for this bug)

# Included Modules

use Net::Ping;
use Net::DNS;
use IO::Socket;
use Win32::OLE qw(in);

# Syntax Pragma

use strict;

# Debugging Options

use warnings;
use diagnostics;

# Global Variables ("my" for variables only in the main code, "our" for global)

my $InputFile = "computers.txt";
my $OutputFile = "hosts.txt";

our (@ComputerList, @Input, @Ports);
our (%PortList);
our ($Host, $PingHost, $NSLookup, $Address, $PortName, $Port, $Result);
our ($WMIUserName, $WMIOSName, $WMIComputerName);

# This is the port list, required syntax is portnumber:portname:

my $List = "21:FTP:23:Telnet:25:SMTP:80:HTTP:443:HTTPS:";

# Functions and Subroutines

sub PingHost

# Pings the host by name and returns True or False

{
      my $PingObject = Net::Ping->new("icmp");
      if ($PingObject->ping($Host, 2))
      {
            $PingHost = 1;
      }
      else
      {
            $PingHost = 0;
      }
}

sub NSLookup

# Perform DNS Lookup for computer name - if it can't find an IP
# lookuperror is used to stop WMI Connection and PortScan attempts

{
      my $Resolver = Net::DNS::Resolver->new;
      my $Query = $Resolver->search("$Host");
      if ($Query)
      {
            foreach my $Record ($Query->answer)
            {
                  next unless $Record->type eq "A";
                  $Address = $Record->address;
                  $NSLookup = 1;
            }
      }
      else
      {
            $NSLookup = 0;
      }
}

sub GrabWindowsData

# Connect to the Windows Management Instrumentation and try to grab
# Current User and OS Name

{
      my $WMIServices = Win32::OLE->GetObject("winmgmts:{impersonationLevel=impersonate,(security)}//$Host");
      my $ComputerSystem = $WMIServices->instancesof("Win32_ComputerSystem");
      foreach my $Data (in($ComputerSystem))
      {
            $WMIUserName = $Data->{UserName};
      }
      my $OperatingSystem = $WMIServices->instancesof("Win32_OperatingSystem");      
      foreach my $Data (in($OperatingSystem))
      {
            my $OSName = $Data->{Name};
            my @OSData = split(/\|/, $OSName);
            $WMIOSName = $OSData[0];
            $WMIComputerName = $Data->{CSName};
      }
}

sub PortScan

# Attempt to create a socket connection to the ports in PortList

{
      my $Sock = IO::Socket::INET->new("$Host:$Port");
      if ($Sock)
      {
            $Result = 'Open';
      }
      else
      {
            $Result = 'Closed';
      }
}

sub CleanData

# Sub to Sort the Computer List from the original file data
# Requires extending to deal with multiple formats

{
      my $Counter = 0;
      
      foreach my $Line (@Input)
      {
            my @ComputerElement = split(/\t/, $Line);
            if ($ComputerElement[0] ne "\n")
            {
                  $ComputerList[$Counter] = $ComputerElement[0];
                  $Counter = ++$Counter;
            }
      }
}

sub ByNumber

# This sorts the elements in the hash (by port number in this case)
# Just makes the port scan run in numerical order

{
      if ( $a < $b )
      {
            -1
      }
      elsif ( $a > $b )
      {
            1
      }
      else
      {
            0
      }
}

# Main Script begins here

# Open Input File and Read Contents

open(INPUTFILE, "$InputFile") or die("Can't open $InputFile: $!");
@Input = <INPUTFILE>;
close(INPUTFILE);

# Open Output File for Writing (>) - a nice character delimited list
# Locks the file for exclusive access (you can't see it until it's done)

open(OUTPUTFILE, ">$OutputFile") or die("Can't open $OutputFile: $!");
flock(OUTPUTFILE, 2);

my $Resolver = Net::DNS::Resolver->new;
my @NameServers = $Resolver->nameservers;

print OUTPUTFILE "Using DNS Servers: @NameServers;\n";

print OUTPUTFILE "Host;Ping;NS Lookup;WMI: OS;WMI: Username;WMI: Computer Name;Port Scan;\n";

# Data cleaning - assumes data is tab delimited (default export from AD)
# or just a simple list, either way, it's going to chop off everything
# except the computer name

CleanData();

# Skip the first line - default export contains column names

shift(@ComputerList);

# Dig out lots of information

foreach $Host (@ComputerList)
{
      chomp($Host);
      print "$Host";
      print OUTPUTFILE "Ping Name: $Host;";
      
      PingHost();
      if ($PingHost == 1)
      {
            print OUTPUTFILE "Ping Succeeded;";
      }
      else
      {
            print OUTPUTFILE "Ping Failed;";
      }
      
      NSLookup();
      if ($NSLookup == 1)
      {
            print OUTPUTFILE "NSLookup Succeeded: $Address;";
      }
      else
      {
            print OUTPUTFILE "NSLookup Fail;";
      }
      
      # No point in doing the rest if we can't get an IP address so...
      
      if ($NSLookup == 1 and $PingHost == 1)
      {
            eval { GrabWindowsData(); };
            if ($@)
            {
                  print ": WMI could not establish a connection";
                  print OUTPUTFILE ";;;"
            }
            else
            {
                  print OUTPUTFILE "$WMIOSName;";
                  print OUTPUTFILE "WMI Name: $WMIComputerName;";
                  print OUTPUTFILE "$WMIUserName;";
            }
            
            # Make the port list usable
      
            %PortList = split(/:/, $List);
            @Ports = sort ByNumber keys %PortList;
            
            foreach $Port (@Ports)
            {
                  PortScan();
                  if ($Result eq "Open")
                  {
                        $PortName = $PortList { $Port };
                        print OUTPUTFILE "$PortName: Open;";
                  }
                  else
                  {
                        $PortName = $PortList { $Port };
                        print OUTPUTFILE "$PortName: Closed;";
                  }
            }
      }
      elsif ($NSLookup == 1 and $PingHost == 0)
      {
            print ": Unable to find IP Address";
            print OUTPUTFILE ";;;";
      }
      else
      {
            print ": Unable to Ping Host";
      }
      print "\n";
      print OUTPUTFILE "\n";
}

close(OUTPUTFILE);
0
 

Author Comment

by:kgbsd
ID: 12496773
The link from Elbereth gathers all the computers, but isn't correct.  I had a few that were over 300 and I was able to ping them still.  So it doesn't look like it works correctly.  Don't have time to do the perl thing...  Any other ideas?
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 11

Assisted Solution

by:elbereth21
elbereth21 earned 375 total points
ID: 12502296
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 12502324
I used netpwage in my own domain, I think it works well and pretty fast; you only need to be careful with laptops, but since I think you know perfectly well what to look for, among your machines, this shouldn't be much of a problem.
0
 
LVL 6

Accepted Solution

by:
kapes earned 150 total points
ID: 12504812
By far the best one...

Command line Active Directory query tool. Primarily used to find and cleanup old computer accounts that haven't been used. Can also be used to clean up user accounts when the proper filter is specified

http://www.joeware.net/win/free/tools/oldcmp.htm
0
 

Author Comment

by:kgbsd
ID: 12527081
I tried the oldcmp utility to the same effect.  Pulls up a lot of machines, but some are still pingable even though it says they are really old...  Maybe it is a lost cause on this one..
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 12530795
Did you try also netPWage?
0
 
LVL 6

Expert Comment

by:kapes
ID: 12532646
the term OLD in the AD lingo means... the computers didn't change their password in last "X" days....

on this criteria... oldcmp... finds the "OLD COMPUTERS".... :-)

and since, by default every computer in the domain is required to change their password in i guess. 30 days...
you can safely assume, computers who didn't change their password in say 90 days are dead... respect to Domain...

so generally, machine which are renamed or scraped their computer accounts would have higher value for "password last changed on date" value...

But, I guess, in your case, the machines are just taken out of domain... so they keep the same name but, don't change their password on "computer accounts" in domain... giving high value for "password last changed on date"...

I hope this clears something...

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Moore’s Law has proven itself time and time again since it was first introduced. So what’s next? Will Moore’s law continue to remain relevant, or will new technology take over and bring us the next big advancement in computing?
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question