Deleting old machine accounts

[Guest]

How can I determine which machine accounts are left over from machines which
are no longer in an environment? I've inherited a network where a number of
machines were replaced without removing the machine IDs from AD, and with
3000 machine accounts for 1200 desktops, manually checking them just isn't an
option. Thanks!

 

[Steven L Umbach]

See my other reply to your post as I think you will find that the AD command
line tools can do what you want by identifying old accounts and then giving
you the ability to move them or delete them. You can pipe the results of one
command to another such as dsquery to dsmod or dsmove and I suggest that you
first disable the accounts you suspect to be not used and then after a
period of time [maybe moving them into their own OU first] with no
complaints from users then you may want to delete them. Keep in mind that
laptop users that do not connect to the network regularly may show having
computer accounts not being used for quite a while and by all means be sure
to back up the System State of at least the PDC fsmo before deleting any
computer accounts if it is not part of your regular backup strategy which it
should be. Somarsoft makes a neat management program called Hyena that may
also do what you want and make it easy to do.

Steve

http://www.systemtools.com/ --- Hyena
http://technet2.microsoft.com/Windo...22a5-420b-ac0f-2f7c558f82fa1033.mspx?mfr=true