Solved

Using dsrm command utility to delete computer accounts

Posted on 2009-06-28
6
1,804 Views
Last Modified: 2012-05-07
I am getting an error when I try to delete old computer accounts that are disabled, I get the following error;

Windows cannot delete the object "computer name" because: directory object cannot be found

I have several computer accounts both in the original computers ou and other ou's that
I wanted to cleanup, I'm pretty new at this and stumbled on dsrm. If dsrm is a good
way to remove these accounts can someone give me the exact dsrm verbage to remove these
accounts???

Is there a better way to delete disabled computer accounts????

I'm running Windows 2003 server standard sp2
0
Comment
Question by:jhall0528
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 6

Expert Comment

by:cmccall
ID: 24732045
DSRM is Directory Services Resore Mode.  You don't need this to delete these accounts.  If ADUC won't let you delete, you can try ADSIEDIT.  Make sure you have a good system state backup of a DC before you start this.  But ADSIEDIT should let you delete the old computer accounts.  Just make sure they are definately not being used anymore.
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 250 total points
ID: 24732778
I think jhall is referring to the command line util DSRM which is used to delete objects from AD, usually by receiving piped DNs from a DSQUERY command.
That aside, a very good utility for cleaning up old computer accounts is oldcmp from Joeware.net http://www.joeware.net/freetools/tools/oldcmp/index.htm.
If you want to delete ALL disabled computer accounts, the syntax would be:
oldcmp -delete -age 0 -onlydisabled -report -sh             (this will show you a report of the computer accounts it will delete)
oldcmp -delete -age 0 -onlydisabled -unsafe -forreal     (this will actually delete them)
 
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24739313
How was the reference to the computer account submitted when dsrm command was executed?

dsrm nead to have the objectDN as parameter to the command like below

dsrm "CN=computername,CN=computers,DC=domainname,DC=local"
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24998217
angelIII,
Recommend points split between mine and henjoh09's comments. Henjoh09 has demonstrated the correct syntax for DSRM, while not a complete answer to the original question, whereas my response is a solution, but doesn't use DSRM.
Recommend 50/50 points split.
Thanks,
Tony.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question