Solved

Utility for checking when networked computer last accessed the network

Posted on 2006-06-28
3
422 Views
Last Modified: 2013-12-23
We have a Windows 2003 Active Directory domain. As computers are removed from the network or renamed active directory is not removing them from the Computers section. Is there a utility or something that can help in removing computer names that are no longer being used? Pinging a computer name in question is no guarantee since the computer may be off due to user being on vacation, sick, etc... We have several hundred computer spread through out the city. Any help would be appreciated.
0
Comment
Question by:kingman1
  • 2
3 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 17005068
To find outdated machines in the domain, you can use dsquery; open a command prompt and enter
dsquery computer domainroot -inactive 12 -limit 0
to get a list of machines that haven't logged on for 12 weeks.

If you trust the dsquery output, you could pipe it through to dsrm and remove the old records:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm

If you really, really trust the dsquery output, you can add -noprompt to delete without prompting:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm -noprompt

Dsquery
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx

The new command-line tools for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=298882

Other than that, there's no built-in tool that will do that for you. A third party tool is available here, for example:
Unused Account Ferret: Overview
http://www.anixis.com/products/uaf/default.htm
0
 

Author Comment

by:kingman1
ID: 17005384
oBdA. Thanks for the response. I ran the query and received this response.

dsquery failed:The parameter is incorrect.:Windows could not run this query beca
use you are connected to a domain that does not support this query.


Any ideas how to fix this? I am new to Windows 2003 networking.

Thanks
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17007894
Seems like you aren't running in Server 2003 functional level yet; the -inactive uses an attribute that's only available in this mode. If you don't have any *Domain* *Controllers* running Windows 2000 or NT4 (member servers don't matter), and don't plan to ever introduce any, you can switch your domain to 2003 function level.
If you'd rather wait with that, you can use the -stalepwd option instead of -inactive; note that you specify days here, not weeks.
dsquery computer domainroot -stalepwd 84 -limit 0
That has one potential disadvantage: a computer's password change can be disabled through a registry change or a group policy, so this might find computers that don't change their password, but are still active. -inactive, on the other hand, will find accounts that haven't logged on to the domain for the specified number of weeks (watch out for laptops!).
As it so happens, I just stumbled over another tool that can query both attributes, too:
OldCmp
http://www.joeware.net/win/free/tools/oldcmp.htm
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question