Solved

Identify and clean up inactive domain systems in computer OU and DNS

Posted on 2012-04-09
5
1,374 Views
Last Modified: 2012-05-24
Hello,

We have a mix of WIN2K3 and WIN2K8 systems.  The mix of the two version of the OS includes our domain controller servers.  

There are a lot of domain system which are no longer on the network.  We are trying to identify these systems and remove them from the Computer OU and also from DNS console.  

Please advise if you have an idea of how to do this.

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 250 total points
ID: 37824018
To clean up DNS, enable DNS scavenging. http://technet.microsoft.com/en-us/library/cc757041(v=WS.10).aspx

To clean up your computer accounts, you can download Active Directory Janitor or do a custom AD query.

In Active Directory Users and Computers, go to Saved Queries. Right Click and create a new query. This custom query will show you computers not used in a year: (&(objectClass=computer)(lastLogontimestamp<=129417875990000000))

Always check first to verify that the computer isn't in use.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 37824028
A couple of ways to tackle this

I like oldcmp by Joe Richards   http://www.joeware.net/freetools/tools/oldcmp/

If you prefer GUI tools then look at adtidy  http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Both tools are free and do an excellent job.  

In terms of DNS, you will want to enable scavenging to clear out some of those old/stale records, good blog entry here   http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Thanks

Mike
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37827001
You can use Joe's OldCmp tool as Mike suggested . Its a great tool to identify and remove old computer accounts.

And to clear old DNS entries you can enable scavenging in DNS as others have suggested.

Additionally if you love to use scripts to find out the OLD computers and delete them then refer below articles which includes the scripts.

http://jeffwouters.nl/index.php/2011/10/powershell-removing-old-computer-accounts-from-your-active-directory/

http://blogs.technet.com/b/heyscriptingguy/archive/2008/11/19/how-can-i-find-old-computer-accounts.aspx

Regards,

_Prashant_
0
 

Author Comment

by:nav2567
ID: 37846667
All I am trying to accomplish right now is just to list all inactive domain computers for more than 90 days.  

Can someone who knows power shell take a look at this and see if this is the right one?

http://gallery.technet.microsoft.com/scriptcenter/6b8163d1-5fae-43b5-a664-a2d1f6e1e2da

Again, I just want to list but NOT TO DELETE COMPUTER FROM AD.

Thanks again ; )
0
 

Author Closing Comment

by:nav2567
ID: 38008482
Thanks.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question