DSQUERY server 2003
I've recently be come to a company that has 33 active computers. When I open ADUC there are 195 computers in active directory. I would like to get rid of the old junk ones as I can tell that AD hasn't been cleaned up since the company was founded.
Here is the dilemma.
I open command prompt and enter
"dsquery computer -inactive 10" this should display the computers that have not been logged into in the last 10 weeks. it only shows 35 computers.
"dsquery computer -inactive 4" displays 38 computers.
"dsquery computer -limit 200" displays 195 computers which is accurate with the number of computers in ADUC
I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
Here is the dilemma.
I open command prompt and enter
"dsquery computer -inactive 10" this should display the computers that have not been logged into in the last 10 weeks. it only shows 35 computers.
"dsquery computer -inactive 4" displays 38 computers.
"dsquery computer -limit 200" displays 195 computers which is accurate with the number of computers in ADUC
I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
With oldcmp just start with
oldcmp -report
Thanks
Mike
oldcmp -report
Thanks
Mike
ASKER
Oldcmp worked great. Most the computer accounts have a last logon time stamp of
"0000/00/00-00:00:00" and an age of -1.
I wonder if this is why they weren't showing up with DSQUERY. after a long lenght of inactivity does AD stop tracking the last logon time?
"0000/00/00-00:00:00" and an age of -1.
I wonder if this is why they weren't showing up with DSQUERY. after a long lenght of inactivity does AD stop tracking the last logon time?
all 0's means it has never been set. Were they active at one time?
What is the functional level of your domain/forest?
Thanks
Mike
What is the functional level of your domain/forest?
Thanks
Mike
ASKER
Yes, it is my understanding that they were all logged into at one time. It is running is a 2000 functional level though we don't have any 2000 computers anymore.
ok I asked because if it was 2003 you could have used -llts to key of lastlogontimestamp.
Thanks
Mike
Thanks
Mike
ASKER