Tech Support Guy banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
QUESTION: Is there a reliable cleanup tool to remove old computer accounts in win2k AD? If so, where do I get it and more info?

Why do I ask.... Well....

We just finished successfully installing SMS 2003 in our domain.
So, we are running our first discovery. In doing this, we are receiving quite a few warnings.

These warning are being generated because SMS is comparing our active directory to the machines it finds on the network.
If it can’t find the machine, but it exists in AD, it returns a warning.
In some cases, the machine is just not turned on.
However, I am sure, many more of these warnings refer to machine accounts that have long been gone from our network, but still exist in active directory.

One way this happens is this: A tech picks up a machine with software issues. Instead of disjoining the domain right away (which would remove the machine account) he/she reformats the machine and joins the domain under a different machine name. Now the old one still exists in AD. Over time things like this build up & get messy.

So, I ask again:
Is there a reliable cleanup tool to remove old computer accounts in win2k AD? If so, where do I get it and more info?
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #3 ·
I was hoping for a much more in depth answer.
Yes, the deletion of accounts would be done in the MMC, but I need a cleanup tool to IDENTIFY the stale machine accounts for me. Does such a tool exisit for Windows 2000 AD? Where do I get more info?
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #4 ·
I was finally able to discover an AD cleanup method for stale computer accounts in a Windows 2000 AD.

Since we have one 2003 server in our environment (Our SMS 2003 Server), we loaded the 2003 admin pack to that machine.

We were then able to query our Windows 2000 active directory (SP3 required) using the dsquery command.

To display stale computer accounts:
dsquery computer DC=YOURDOMAINNAME,dc=com -stalepwd 45

If you want to delete the accounts, you pipe the results to DSRM:
dsquery computer DC=YOURDOMAINNAME,dc=com -stalepwd 45 | dsrm -noprompt

Not only is our AD much cleaner, our SMS console is free of stale accounts as well.

Here is a link to another site with some additional information on the filtering capabilities of DSQUERY:

More on DSQUERY attribute filtering - http://www.jsifaq.com/SUBP/TIP7700/rh7717.htm

Good Luck ALL
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top