wrote in message
Well, the computer object is automatically updated with information
from the netlogon service during secure channel setup.
You can find unused or inactive computer accounts by searching for
certain computer object attributes with LDAP searches.
Computer objects that have never been used do not have the
operatingSystem, operatingSystemServicePack and operatingSystemVersion
attributes set.
If the whenChanged attribute is more than a month old, the computer
probably is not active on a network making periodic password changes.
You can also check the lastLogon attribute (the whenChanged and
lastLogon attributes are non-replicated attributes, which means you have
to examine them on all domain controllers).
To search you can use a tool like ldp (from support tools).
However, I do recommend using a script for this... there are many good
example scripts for this on the net...
regards
Johan Arwidmark
Windows User Group - Nordic
http://www.wug-nordic.net
On Sat, 20 Mar 2004 21:11:40 -0800, "Mehrab"
Hi,
I need to delete a few hundreds of old computer accounts
from Active Directory on Windows 2000, SP4.
I don't want to perform this by scripting. I'm looking
for an LDAP query on Active Directory to find these old
computer accounts. Any help is much appreciated.
Thanks
Mehrab
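
The checks described in the reply above, as an added example that is not part of the original thread: it builds the two LDAP filters (no operatingSystem set, whenChanged older than a month) and merges the non-replicated lastLogon values collected from several domain controllers. The domain controller names, computer DNs, dates and function names are constructed for illustration, and the per-DC search results are assumed to have been collected already.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def never_used_filter():
    # Computer objects that were created but never used have no operatingSystem.
    return "(&(objectCategory=computer)(!(operatingSystem=*)))"

def stale_filter(now, days=30):
    # whenChanged is compared as LDAP generalized time; run this against every DC.
    cutoff = (now - timedelta(days=days)).strftime("%Y%m%d%H%M%S.0Z")
    return f"(&(objectCategory=computer)(whenChanged<={cutoff}))"

def to_filetime(dt):
    # lastLogon is stored as 100 ns intervals since 1601-01-01 UTC.
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def filetime_to_datetime(raw):
    # 0 or a missing value means "never logged on against this DC".
    return EPOCH_1601 + timedelta(microseconds=int(raw) // 10) if raw else None

def merge_last_logon(per_dc):
    # lastLogon is not replicated: keep the newest value seen on any DC.
    merged = {}
    for results in per_dc.values():
        for dn, raw in results.items():
            merged[dn] = max(merged.get(dn, 0), int(raw or 0))
    return merged

def inactive_computers(per_dc, now, days=30):
    cutoff = now - timedelta(days=days)
    stale = []
    for dn, raw in merge_last_logon(per_dc).items():
        seen = filetime_to_datetime(raw)
        if seen is None or seen < cutoff:
            stale.append(dn)
    return sorted(stale)

# Constructed sample data: lastLogon per computer as read from two DCs.
NOW = datetime(2004, 3, 21, tzinfo=timezone.utc)
def d(y, m, day): return to_filetime(datetime(y, m, day, tzinfo=timezone.utc))
BASE = "CN=Computers,DC=example,DC=com"
SAMPLE = {
    "dc1": {f"CN=PC1,{BASE}": d(2004, 3, 15), f"CN=PC2,{BASE}": d(2003, 12, 1),
            f"CN=PC3,{BASE}": 0, f"CN=PC4,{BASE}": d(2004, 1, 5)},
    "dc2": {f"CN=PC1,{BASE}": d(2004, 1, 10), f"CN=PC2,{BASE}": d(2004, 3, 18),
            f"CN=PC3,{BASE}": 0, f"CN=PC4,{BASE}": d(2003, 11, 11)},
}

if __name__ == "__main__":
    print(never_used_filter())
    print(stale_filter(NOW))
    print(inactive_computers(SAMPLE, NOW))
```

PC2 looks stale when only dc1 is queried, which is why the values from all domain controllers are merged before anything is treated as inactive.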