Identifying "dead" machine accounts in Active Directory?

[Robert Gordon]

Is there a way to identify stale or dead system records in AD, for computers
that have been removed from the network for one reason or another (machine
removed and reimaged under a different name, machine account not properly
removed from AD upon retiring that account's machine, etc.).

Even just the ability to simply script a way to identify systems that
haven't accessed AD within the last 10 days would be helpful.

Regards,

Robert Gordon

 

[Ace Fekay [MVP]]

Unless someone else gives you something more specific for W2k or W2k3, check
this out:
http://cwashington.netreach.net/depo/view.asp?Index=883&ScriptType=vbscript
http://cwashington.netreach.net/depo/view.asp?Index=849&ScriptType=vbscript
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Torgeir Bakken (MVP)]

Is there a way to identify stale or dead system records in AD, for computers
that have been removed from the network for one reason or another (machine
removed and reimaged under a different name, machine account not properly
removed from AD upon retiring that account's machine, etc.).

Even just the ability to simply script a way to identify systems that
haven't accessed AD within the last 10 days would be helpful.

Hi

Take a look here (can be used for computer accounts as well):

http://www.rlmueller.net/PwdLastChanged.htm