Announcement

Collapse
No announcement yet.

Audit old PC accounts in AD?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Audit old PC accounts in AD?

    Can anyone recommend to me an easy way to audit old computer accounts in AD? I'm handling an AD environment that includes several companies, and there are several pc accounts which need removed. Ideally, there is a simple freeware or method native to Windows that will help me accomplish this. Thanks!

  • #2
    Re: Audit old PC accounts in AD?

    Hi

    Try the Dsquery computer command, with the -stalepwd option.
    It will query the computer accounts that haven't been used for a while.

    DSQUERY COMPUTER


    Description: Finds computers in the directory matching specified
    search criteria.

    Syntax: dsquery computer [{<StartNode> | forestroot | domainroot}]
    [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}]
    [-name <Name>] [-desc <Description>] [-samid <SAMName>]
    [-inactive <NumWeeks>] [-stalepwd <NumDays>] [-disabled]
    [{-s <Server> | -d <Domain>}] [-u <UserName>]
    [-p {<Password> | *}] [-q] [-r] [-gc]
    [-limit <NumObjects>] [{-uc | -uco | -uci}]

    Or try this: http://www.joeware.net/freetools/tools/oldcmp/index.htm

    Hope it helps
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Audit old PC accounts in AD?

      I ended up writing a simple vbscript to do this:

      Code:
      ' 
      ' List unused computer accounts
      ' Written by David Hope - http://davehope.co.uk
      ' 
      ' Setup:
      ' + Change the strDomain variable to point to one of your DCs
      ' + Change the intMaxAge variable to the number of days after which a computer
      '   account is considered not in use.
      ' 
      
      
      On error Resume Next 
      
      ' Configuration.
      ' =============================================================================
      strDomain		=	"nwtraders.msft"
      intMaxAge		=	120
      
      
      ' Get object containging accounts and filter to just computers.
      ' =============================================================================
      Set objDomain		=	GetObject("WinNT://" & strDomain ) 
      objDomain.Filter	=	Array("computer") 
      
      
      
      ' Iterate through computers older than the threshold and print their age.
      ' =============================================================================
      WScript.Echo "------------------------------------------------------------------"
      WScript.Echo "Showing computer accounts from " & objDomain.Name & " older than " & intMaxAge & " days"
      WScript.Echo "------------------------------------------------------------------"
      intComputers		=	0
      
      For each objDomainItem in objDomain
      
      	Set objAccount		=	GetObject("WinNT://" & objDomain.Name & "/" & objDomainItem.Name & "$") 
      	strPassAge		=	FormatNumber((objAccount.get("PasswordAge")) / 86400 , 0) 
      
      	If CInt(strPassAge) >= CInt(intMaxAge) then 
      		WScript.Echo "Name: " & Left(objDomainItem.Name & Space(25),25) & "Age: " & strPassAge & " days"
      	End If 
      
      	intComputers		=	intComputers+ 1
      Next 
      
      
      ' Display some basic statistics.
      ' =============================================================================
      WScript.Echo	"------------------------------------------------------------------"
      WScript.Echo	"Old Computers: " & intComputers  & vbNewLine
      
      set objDomain		=	Nothing 
      Wscript.quit
      Hope it helps.

      Comment


      • #4
        Re: Audit old PC accounts in AD?

        Check out OLDCMP Joeware.net:

        http://www.joeware.net/freetools/tools/oldcmp/index.htm

        I can definately recommend this one

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Audit old PC accounts in AD?

          OLDCMP is good, use it all the time for this very task. Stupid easy to use too.

          Comment

          Working...
          X