
DSQUERY server 2003

Posted on 2013-06-03
Last Modified: 2013-06-03
I've recently come to a company that has 33 active computers. When I open ADUC there are 195 computers in Active Directory. I would like to get rid of the old junk ones, as I can tell that AD hasn't been cleaned up since the company was founded.

Here is the dilemma.

I open a command prompt and enter
"dsquery computer -inactive 10". This should display the computers that have not been logged into in the last 10 weeks. It only shows 35 computers.

"dsquery computer -inactive 4" displays 38 computers.

"dsquery computer -limit 200" displays 195 computers, which is accurate with the number of computers in ADUC.

I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
Question by:David11011
LVL 57

Accepted Solution

by: Mike Kline earned 2000 total points
ID: 39216758
Do you physically have only 35 computer objects (including servers)? Can you try other tools to see their results? (Both tools are free.)

Oldcmp - great command-line tool
http://www.joeware.net/freetools/tools/oldcmp/

adtidy - GUI tool
http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Thanks

Mike
LVL 2

Author Comment

by:David11011
ID: 39216765
Yes, there are only 32 physical machines. 3 of the servers are virtualized. I will give these tools a try and report back. Thanks
LVL 57

Expert Comment

by:Mike Kline
ID: 39216774
With oldcmp just start with

oldcmp -report

Thanks

Mike
LVL 2

Author Comment

by:David11011
ID: 39216796
Oldcmp worked great. Most of the computer accounts have a last logon time stamp of "0000/00/00-00:00:00" and an age of -1.

I wonder if this is why they weren't showing up with DSQUERY. After a long length of inactivity, does AD stop tracking the last logon time?
LVL 57

Expert Comment

by:Mike Kline
ID: 39216815
All 0's means it has never been set. Were they active at one time?

What is the functional level of your domain/forest?

Thanks

Mike
LVL 2

Author Comment

by:David11011
ID: 39216831
Yes, it is my understanding that they were all logged into at one time. It is running at a 2000 functional level, though we don't have any 2000 computers anymore.
LVL 57

Expert Comment

by:Mike Kline
ID: 39216882
OK, I asked because if it was 2003 you could have used -llts to key off lastlogontimestamp.

Thanks

Mike
0
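An added example (not part of the thread, and not code from dsquery or oldcmp): why a cutoff-only inactivity filter can miss accounts whose last-logon timestamp was never set, as in the oldcmp output described above. The account names and values are constructed, and modelling the filter as an LDAP-style comparison that an absent attribute never matches is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NOW = datetime(2013, 6, 3, tzinfo=timezone.utc)  # fixed so results are reproducible

def filetime_to_datetime(value):
    """Return a UTC datetime, or None when the attribute is absent or zero."""
    if value in (None, "", "0", 0):
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def datetime_to_filetime(dt):
    """Inverse helper, used here only to build the constructed sample rows."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

# Constructed sample export: (computer name, raw last-logon timestamp).
SAMPLE = [
    ("SRV-DC01", datetime_to_filetime(NOW - timedelta(days=1))),
    ("WS-014", datetime_to_filetime(NOW - timedelta(weeks=3))),
    ("WS-OLD-07", datetime_to_filetime(NOW - timedelta(weeks=40))),
    ("WS-OLD-21", None),  # attribute never set
    ("WS-OLD-22", None),  # attribute never set
]

def classify(accounts, now, inactive_weeks):
    """Split accounts into active, stale and never-set buckets."""
    cutoff = now - timedelta(weeks=inactive_weeks)
    buckets = {"active": [], "stale": [], "never_set": []}
    for name, raw in accounts:
        last = filetime_to_datetime(raw)
        if last is None:
            buckets["never_set"].append(name)
        elif last < cutoff:
            buckets["stale"].append(name)
        else:
            buckets["active"].append(name)
    return buckets

def cutoff_only_filter(accounts, now, inactive_weeks):
    """Assumed comparison-style filter: a missing timestamp never matches."""
    cutoff_ft = datetime_to_filetime(now - timedelta(weeks=inactive_weeks))
    return [n for n, raw in accounts if raw is not None and int(raw) <= cutoff_ft]

if __name__ == "__main__":
    print("cutoff-only:", cutoff_only_filter(SAMPLE, NOW, 10))
    for bucket, names in classify(SAMPLE, NOW, 10).items():
        print(bucket, names)
```

Accounts in the never-set bucket need their own review before cleanup, since a timestamp comparison alone says nothing about them.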
