Utility for checking when networked computer last accessed the network

We have a Windows 2003 Active Directory domain. As computers are removed from the network or renamed active directory is not removing them from the Computers section. Is there a utility or something that can help in removing computer names that are no longer being used? Pinging a computer name in question is no guarantee since the computer may be off due to user being on vacation, sick, etc... We have several hundred computer spread through out the city. Any help would be appreciated.
kingman1Asked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
Seems like you aren't running in Server 2003 functional level yet; the -inactive uses an attribute that's only available in this mode. If you don't have any *Domain* *Controllers* running Windows 2000 or NT4 (member servers don't matter), and don't plan to ever introduce any, you can switch your domain to 2003 function level.
If you'd rather wait with that, you can use the -stalepwd option instead of -inactive; note that you specify days here, not weeks.
dsquery computer domainroot -stalepwd 84 -limit 0
That has one potential disadvantage: a computer's password change can be disabled through a registry change or a group policy, so this might find computers that don't change their password, but are still active. -inactive, on the other hand, will find accounts that haven't logged on to the domain for the specified number of weeks (watch out for laptops!).
As it so happens, I just stumbled over another tool that can query both attributes, too:
OldCmp
http://www.joeware.net/win/free/tools/oldcmp.htm
0
 
oBdACommented:
To find outdated machines in the domain, you can use dsquery; open a command prompt and enter
dsquery computer domainroot -inactive 12 -limit 0
to get a list of machines that haven't logged on for 12 weeks.

If you trust the dsquery output, you could pipe it through to dsrm and remove the old records:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm

If you really, really trust the dsquery output, you can add -noprompt to delete without prompting:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm -noprompt

Dsquery
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx

The new command-line tools for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=298882

Other than that, there's no built-in tool that will do that for you. A third party tool is available here, for example:
Unused Account Ferret: Overview
http://www.anixis.com/products/uaf/default.htm
0
 
kingman1Author Commented:
oBdA. Thanks for the response. I ran the query and received this response.

dsquery failed:The parameter is incorrect.:Windows could not run this query beca
use you are connected to a domain that does not support this query.


Any ideas how to fix this? I am new to Windows 2003 networking.

Thanks
0
All Courses

From novice to tech pro — start learning today.