Solved

DSQUERY server 2003

Posted on 2013-06-03
7
581 Views
Last Modified: 2013-06-03
I've recently be come to a company that has 33 active computers. When I open ADUC there are 195 computers in active directory. I would like to get rid of the old junk ones as I can tell that AD hasn't been cleaned up since the company was founded.

Here is the dilemma.

I open command prompt and enter
"dsquery computer -inactive 10" this should display the computers that have not been logged into in the last 10 weeks. it only shows 35 computers.

"dsquery computer -inactive 4" displays 38 computers.

"dsquery computer -limit 200" displays 195 computers which is accurate with the number of computers in ADUC

I would expect there to be something like 160 inactive computers not 35. Do you know why all of them aren't showing up when I put the "-inactive" statement in the command?
0
Comment
Question by:David11011
  • 4
  • 3
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39216758
Do you physically have only 35 computer objects (including servers).   Can you try other tools to see their results (both tools are free)

Oldcmp  great command line tool
http://www.joeware.net/freetools/tools/oldcmp/

adtidy - GUI tool
http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216765
Yes, there are only 32 physical machines. 3 of the servers are virtualized. I will give these tools a try and report back. Thanks
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216774
With oldcmp just start with

oldcmp -report

Thanks

Mike
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 2

Author Comment

by:David11011
ID: 39216796
Oldcmp worked great. Most the computer accounts have a last logon time stamp of
"0000/00/00-00:00:00" and an age of -1.

I wonder if this is why they weren't showing up with DSQUERY.  after a long lenght of inactivity does AD stop tracking the last logon time?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216815
all 0's  means it has never been set.  Were they active at one time?

What is the functional level of your domain/forest?

Thanks

Mike
0
 
LVL 2

Author Comment

by:David11011
ID: 39216831
Yes, it is my understanding that they were all logged into at one time. It is running is a 2000 functional level though we don't have any 2000 computers anymore.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39216882
ok I asked because if it  was 2003 you could have used -llts to key of lastlogontimestamp.

Thanks

Mike
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now