How to tell when a computer account last logged in on a domin

P

Pontus Ireteg

Hi,

we have a lot of computer accounts at my work that not should be left
in the domain (i.e. they have not been taken down from the domain properly).

My question is how you can tell the last login at the domian for a computer
account? Could you do it in AD Users & Computers somehow, or must I
use a third part program, and in that case, any suggestions of what program?

We have a Win 2000 AD-domain.

Sorry for the bad english...


Thanks

Pontus Ireteg
Enea Data
 
M

Moreno

Hi Pontus,

can you give us more details?

Do you want to REMOVE the old (and unused) computer
accouts from the domain?

Moreno
 
P

Pontus Ireteg

Hi,

yes, we would like to remove computer-accounts that haven´t log on to
the domain in a specified time, i.e. 6 month.

I've tryed a program called Dameware NT Utilities, but I can't find that
information about last loged in computer accounts.

So, is there another way or program to do that?


Regards

Pontus Ireteg
 
K

Kwyjibo.

Pontus Ireteg said:
Hi,

yes, we would like to remove computer-accounts that haven´t log on to
the domain in a specified time, i.e. 6 month.

I've tryed a program called Dameware NT Utilities, but I can't find that
information about last loged in computer accounts.

So, is there another way or program to do that?
Click to expand...

Try the script on this page:
http://www.rlmueller.net/Programs/LastLogon.txt (you will need to save it
as a .vbs file for it to run)

In its current state, it will search for computer accounts, but by changing
the line that reads
strFilter = "(&(objectCategory=person)(objectClass=user))"
to
strFilter = "(objectCategory=computer)"
it wil cause the script to pick up Computer accounts instead of users.

Just use the command
cscript //nologo LastLogon.vbs > output.txt
and it will send all the info to to a file named output.txt.
 
A

Active Directory Janitor DevTeam

Hello Pontus

I would really like to advice you to take a look at Active Directory
Janitor (http://www.adjanitor.com) It will do exactly this for you in
a controlled and quick way. It can be downloaded and tested right
away. You could try to do the same with a script but it would not give
you this:

* Easy-to-use user interface, don't take my word for it :) look here
for some examples: http://www.adjanitor.com/screenshots
* The scanning operation is multithreaded giving a huge performance
advantage over scripting. The progress of the scanning is displayed
visually and can be aborted.
* The computers can be selected by partial names, by domains/OUs or
even imported from text files on the fly. Multiple domains and
subdomains are supported.
* All the computers are pinged in parallell to help decide if the
accounts are active or not.
* Up to 15 different properties are collected from the computers, for
example last logon, create date, OU. This icludes properties that are
not replicated in AD. The computer list can be sorted by anyone of
these.
* Computers can be selected for deletion, disabling OR enabling.
* A robust well tested application.
* Finally, compare the hours of implementing, testing and maintaining
a script solution to make it reliable and robust to the $49.95 that
Active Directory Janitor costs!

Tomas
Active Directory DevTeam
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unable to log on with a domain account 3
How to tell last login? 1
last account log on? 7
How to determine last logon time for a computer account in a domain 5
Verify computer account in AD belongs to local computer? 1
Last logged in for user accounts 3
user account to last logged on PC 2
Computer accounts and Remote DCs 2

Top