Removal of Objects in AD

R

ross_k

Our AD computers OU has nearly 2200 objects listed. The
problem is that we actually have about 750 computers on
the domain. In previous AD Users and Computers I believe
that I have noticed that computer names of PCs that are
not connected may have the red x circle on them or they
disappear completely after enough time. At my current
workplace the defunct or non-existent PCs remain in the
OU listing even after several months. This is causing a
lot of problems as we plan to re-organize our AD
structure. What are we missing that might be causing this
behavior?
Thanks in Advance.
 
C

Chriss3

Hello ros_k

A Computer Account can be disabled, and removed. the red x circle means that
the object is disabled. When you try to unjoin or remove a computer from a
domain at the client if the client not are unabel to remove the Computer
account it become in disabled state.

//Christoffer Andersson
 
M

Matjaz Ladava [MVP]

AD has no built in mechanism to remove inactive computers from AD. There are
some utilities around to do this. If your forest is in Windows server 2003
mode, then you can use new CLI tools to do this like

dsquery computer -inactive 5 | dsrm

which would remove computers that are inactive for 5 weeks. In your other
place you had probably a script running in scheduled task that did this
maintenance. It first disabled accounts and then after some preconfigured
time it deleted them, but I'm of course just guessing.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
B

Buz [MSFT]

Hello Ross,

Computers that have been removed from the domain may get their account
disabled but they are not automatically purged from Active Directory. You
can delete these invalid computer objects manually and they will be removed
after the tombstone lifetime:

248047 Phantoms, Tombstones and the Infrastructure Master
http://support.microsoft.com/?id=248047


Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

pc takes time to apply computer settings 1
AD OU Objects and Replication Performance 5
New members and OUs 5
Active Directory structure - OU's 2
GPO Computer Setting - Ccan they be applied to Users ? 6
Identify logonserver for all computer accounts in AD 3
GPO and Add Computer to Domain 1
Security Propagation Withing AD 2000 4

Top