removing unused computers from AD

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We have about 200 workstations objects in out Active Directory. Of these at
least 15 are workstations that I believe to be no longer in use or renamed,
possibly many more given our user base is only about 160.
Is there a way to determine when a workstation last authenticated so that we
can safely expire these unused workstation objects. They get in the way and
confuse the management of the system.

Thanks,
Svend.
 
Disable them and see who squawks when they can't get logged in. If a decent
amount of time passes, remove them.

You could check your event logs if you are logging successful login events,
but those may not go back far enough to record history for your endeavor.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
Missed an essential clause ... "If a decent amount of time passes and no one
complains, remove them."

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Richard G. Harper said:
Disable them and see who squawks when they can't get logged in. If a
decent amount of time passes, remove them.

You could check your event logs if you are logging successful login
events, but those may not go back far enough to record history for your
endeavor.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Svend said:
We have about 200 workstations objects in out Active Directory. Of these
at
least 15 are workstations that I believe to be no longer in use or
renamed,
possibly many more given our user base is only about 160.
Is there a way to determine when a workstation last authenticated so that
we
can safely expire these unused workstation objects. They get in the way
and
confuse the management of the system.

Thanks,
Svend.
Click to expand...
Click to expand...
 
Hey there is a great tool out there. Joeware.net. Called oldcmp. I used it
just last week. Check it out.
 
Thanks Boddy,

That looks like what I'm looking for.
As the blurb says...
"OldCmp was built because there was no decent way to find/report
on/delete old computers in Active Directory. You can use dsget combined with
dsrm but you are really taking your life in your hands. OldCmp has all sorts
of safeties built in to try and prevent you from shooting your own foot."

That about explains that AD cant do it on its own.

Thanks again,
Svend.
 
Back
Top