?
Solved

Utility for checking when networked computer last accessed the network

Posted on 2006-06-28
3
Medium Priority
?
426 Views
Last Modified: 2013-12-23
We have a Windows 2003 Active Directory domain. As computers are removed from the network or renamed active directory is not removing them from the Computers section. Is there a utility or something that can help in removing computer names that are no longer being used? Pinging a computer name in question is no guarantee since the computer may be off due to user being on vacation, sick, etc... We have several hundred computer spread through out the city. Any help would be appreciated.
0
Comment
Question by:kingman1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 17005068
To find outdated machines in the domain, you can use dsquery; open a command prompt and enter
dsquery computer domainroot -inactive 12 -limit 0
to get a list of machines that haven't logged on for 12 weeks.

If you trust the dsquery output, you could pipe it through to dsrm and remove the old records:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm

If you really, really trust the dsquery output, you can add -noprompt to delete without prompting:
dsquery computer domainroot -inactive 12 -limit 0 | dsrm -noprompt

Dsquery
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx

The new command-line tools for Active Directory in Windows Server 2003
http://support.microsoft.com/?kbid=298882

Other than that, there's no built-in tool that will do that for you. A third party tool is available here, for example:
Unused Account Ferret: Overview
http://www.anixis.com/products/uaf/default.htm
0
 

Author Comment

by:kingman1
ID: 17005384
oBdA. Thanks for the response. I ran the query and received this response.

dsquery failed:The parameter is incorrect.:Windows could not run this query beca
use you are connected to a domain that does not support this query.


Any ideas how to fix this? I am new to Windows 2003 networking.

Thanks
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 17007894
Seems like you aren't running in Server 2003 functional level yet; the -inactive uses an attribute that's only available in this mode. If you don't have any *Domain* *Controllers* running Windows 2000 or NT4 (member servers don't matter), and don't plan to ever introduce any, you can switch your domain to 2003 function level.
If you'd rather wait with that, you can use the -stalepwd option instead of -inactive; note that you specify days here, not weeks.
dsquery computer domainroot -stalepwd 84 -limit 0
That has one potential disadvantage: a computer's password change can be disabled through a registry change or a group policy, so this might find computers that don't change their password, but are still active. -inactive, on the other hand, will find accounts that haven't logged on to the domain for the specified number of weeks (watch out for laptops!).
As it so happens, I just stumbled over another tool that can query both attributes, too:
OldCmp
http://www.joeware.net/win/free/tools/oldcmp.htm
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question