Asked by Al Caholic

Automated removal of expired machines in Active Directory

I'm looking for a way to automate the removal of expired machines (not logged in > 90 days) to help with asset management.
ASKER CERTIFIED SOLUTION
Brum07

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.

SOLUTION
Mike Kline

This solution is only available to members.

I've written VBScripts to query the last logon date of a computer's object (depending on the forest and domain operational level, you might have to query each domain controller, or if you are running at 2003 native then you can query AD directly), and then, based on the results, you can delete the objects that are old, or move them to an expired OU and then delete them once they are really old. It's up to you.

The code for getting last logon is somewhat complex, but I will attach it shortly in a subsequent post.

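Deleting the object from AD via VBScript is pretty easy:

' Name of the computer object to remove (sample value)
strComputer = "atl-pro-040"
' Bind to the computer object in the default Computers container
Set objComputer = GetObject("LDAP://CN=" & strComputer & ",CN=Computers,DC=fabrikam,DC=com")
' Delete the object and any child objects; the flags argument must be 0
objComputer.DeleteObject (0)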
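
The query, move to an expired OU, then delete workflow described in the post above, sketched as a two-stage job with the ActiveDirectory PowerShell module. This is an added example, not code from the thread. The 90-day threshold comes from the question and the fabrikam.com domain from the post's sample; the OU name, the 180-day purge window and the `Get-LastActivity` helper are assumptions.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$StaleDays = 90                                        # threshold from the question
$PurgeDays = 180                                       # assumed grace period before deletion
$ExpiredOU = 'OU=Expired Computers,DC=fabrikam,DC=com' # hypothetical quarantine OU
$DryRun    = $true                                     # set to $false only after reviewing output

$now         = Get-Date
$staleCutoff = $now.AddDays(-$StaleDays)
$purgeCutoff = $now.AddDays(-$PurgeDays)

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by
# default is refreshed only when it is roughly 9 to 14 days out of date, so it can lag.
# Objects that never logged on have no value; fall back to their creation time.
function Get-LastActivity($Computer) {
    if ($Computer.LastLogonDate) { $Computer.LastLogonDate } else { $Computer.whenCreated }
}

# Stage 1: disable and quarantine enabled machines idle for more than $StaleDays.
$stale = Get-ADComputer -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated |
    Where-Object {
        (Get-LastActivity $_) -lt $staleCutoff -and
        $_.DistinguishedName -notlike "*,$ExpiredOU"
    }

foreach ($c in $stale) {
    $note = "Quarantined {0:yyyy-MM-dd}; last activity {1:yyyy-MM-dd}" -f $now, (Get-LastActivity $c)
    Set-ADComputer    -Identity $c.DistinguishedName -Description $note -WhatIf:$DryRun
    Disable-ADAccount -Identity $c.DistinguishedName -WhatIf:$DryRun
    Move-ADObject     -Identity $c.DistinguishedName -TargetPath $ExpiredOU -WhatIf:$DryRun
}

# Stage 2: delete quarantined machines that are still disabled and idle past $PurgeDays.
# Remove-ADObject -Recursive also removes child objects, like DeleteObject(0) above.
$expired = Get-ADComputer -SearchBase $ExpiredOU -Filter 'Enabled -eq $false' `
        -Properties LastLogonDate, whenCreated |
    Where-Object { (Get-LastActivity $_) -lt $purgeCutoff }

foreach ($c in $expired) {
    Remove-ADObject -Identity $c.DistinguishedName -Recursive -Confirm:$false -WhatIf:$DryRun
    Write-Output ("{0}`tlast activity {1:u}" -f $c.Name, (Get-LastActivity $c))
}
```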

