Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DSQUERY server 2003

Posted on 2013-06-03
7
Medium Priority
?
610 Views
Last Modified: 2013-06-03
I've recently be come to a company that has 33 active computers. When I open ADUC there are 195 computers in active directory. I would like to get rid of the old junk ones as I can tell that AD hasn't been cleaned up since the company was founded.

Here is the dilemma.

I open command prompt and enter
"dsquery computer -inactive 10" this should display the computers that have not been logged into in the last 10 weeks. it only shows 35 computers.

"dsquery computer -inactive 4" displays 38 computers.

"dsquery computer -limit 200" displays 195 computers which is accurate with the number of computers in ADUC

I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
0
Comment
Question by:David11011
  • 4
  • 3
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39216758
Do you physically have only 35 computer objects (including servers).   Can you try other tools to see their results (both tools are free)

Oldcmp  great command line tool
http://www.joeware.net/freetools/tools/oldcmp/

adtidy - GUI tool
http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216765
Yes, there are only 32 physical machines. 3 of the servers are virtualized. I will give these tools a try and report back. Thanks
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216774
With oldcmp just start with

oldcmp -report

Thanks

Mike
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 2

Author Comment

by:David11011
ID: 39216796
Oldcmp worked great. Most the computer accounts have a last logon time stamp of
"0000/00/00-00:00:00" and an age of -1.

I wonder if this is why they weren't showing up with DSQUERY.  after a long lenght of inactivity does AD stop tracking the last logon time?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216815
all 0's  means it has never been set.  Were they active at one time?

What is the functional level of your domain/forest?

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216831
Yes, it is my understanding that they were all logged into at one time. It is running is a 2000 functional level though we don't have any 2000 computers anymore.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216882
ok I asked because if it  was 2003 you could have used -llts to key of lastlogontimestamp.

Thanks

Mike
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question