Solved

DSQUERY server 2003

Posted on 2013-06-03
7
583 Views
Last Modified: 2013-06-03
I've recently be come to a company that has 33 active computers. When I open ADUC there are 195 computers in active directory. I would like to get rid of the old junk ones as I can tell that AD hasn't been cleaned up since the company was founded.

Here is the dilemma.

I open command prompt and enter
"dsquery computer -inactive 10" this should display the computers that have not been logged into in the last 10 weeks. it only shows 35 computers.

"dsquery computer -inactive 4" displays 38 computers.

"dsquery computer -limit 200" displays 195 computers which is accurate with the number of computers in ADUC

I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
0
Comment
Question by:David11011
  • 4
  • 3
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39216758
Do you physically have only 35 computer objects (including servers).   Can you try other tools to see their results (both tools are free)

Oldcmp  great command line tool
http://www.joeware.net/freetools/tools/oldcmp/

adtidy - GUI tool
http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216765
Yes, there are only 32 physical machines. 3 of the servers are virtualized. I will give these tools a try and report back. Thanks
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216774
With oldcmp just start with

oldcmp -report

Thanks

Mike
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 2

Author Comment

by:David11011
ID: 39216796
Oldcmp worked great. Most the computer accounts have a last logon time stamp of
"0000/00/00-00:00:00" and an age of -1.

I wonder if this is why they weren't showing up with DSQUERY.  after a long lenght of inactivity does AD stop tracking the last logon time?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216815
all 0's  means it has never been set.  Were they active at one time?

What is the functional level of your domain/forest?

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216831
Yes, it is my understanding that they were all logged into at one time. It is running is a 2000 functional level though we don't have any 2000 computers anymore.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216882
ok I asked because if it  was 2003 you could have used -llts to key of lastlogontimestamp.

Thanks

Mike
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question