Active computer accounts in AD

[Dave B]

We are performing an inventory of all the active
workstations on our network. Since machines are not
always removed from Active Directory (as they should be)
when the machines are reimaged or decommissioned, "dead"
computer objects/accounts exist in Active Directory.
Is there a way to programmatically determine when a
computer account last communicated with a domain
controller?
Any suggestions are appreciated.

 

[Guest]

Dave
there is a tool called AD Janitor which does thi

http://www.specopssoft.com/products/adjanitor/support/default.as

Irv

 

[Cary Shultz [A.D. MVP]]

Dave,

Take a look at http://www.joeware.net and then go to the free tools and look
for 'oldcmp'. It is a really neat tool that I use alot. Matjaz Ladava also
has a similar tool at http://www.ladava.com ( you will need to click on the
utilities link in the upper left corner of his Site ). If you want to pay
for something ( maybe because you prefer the GUI instead of CLI ) then you
might want to take a look at AD Janitor ( http://www.adjanitor.com ). I
have played with the evaluation version and it looks nice.

However, you did indicated that you are looking for a way to
programmatically do this. I might suggest that you look at the scripting
examples that are all over the Internet ( start with Tech Net ).

HTH,

Cary

 

[Joe Richards [MVP]]

Additionally he could use oldcmp to produce the list (CSV file or suck out the
XML from the DHTML) to find them and then use his own script to remove them or
do what he wants with them.

joe