Home > Active Directory, Computers, Tips > Finding Inactive or Unused Computers

Finding Inactive or Unused Computers

Not always a computer is removed from Active Directory when it is decommissioned. The result is that after a while of time, the contents of Active Directory is no longer aligned with the state of company. To find inactive computers that are still present in Active Directory, you can use different techniques.

If the Active Directory functional level is set to Windows 2003 or higher, then you can use the command dsquery.exe This command is present on all Domain Controllers, or on all Windows 7 workstations.

The following query will locate all inactive computers in the current forest:

dsquery computer forestroot -inactive <NumWeeks>

Where <NumWeeks> indicates the number of weeks of inactivity (i.e 84 days = 12 weeks, 175 days = 25 weeks).

You can also use domainroot in combination with the -d option to query a specific domain:

dsquery computer domainroot -d <DomainName> -inactive <NumWeeks>

for example:

dsquery computer domainroot -d homeworks.it -inactive 25

You can target your query at a specific container (i.e. ou=MyComputers,dc=homeworks,dc=it):

dsquery computer ou=MyComputers,dc=homeworks,dc=it -inactive <NumWeeks>

All commands dsquery.exe cited, should be executed by Command Prompt of a workstation that is part of Active Directory domain. The user running the command must be part, at least, of the Domain Users group in Active Directory.

If the domain functional level of Active Directory is not set to Windows 2003 or higher, you can use the command OldCmp.exe written by Joeware. By default, the command OldCmp.exe research workstations that are not connected to an Active Directory domain for more than 90 days.

To get the list of workstations that do not connect to the domain for more than 90 days in HTML format, just run the command (the list is sorted by Computer Name):

oldcmp -report -sort cn

To get the same list in CSV format, you should run the command:

oldcmp -report -format csv -sort cn

To get list of workstations that do not connect to a domain for more than 180 days, just run the command:

oldcmp -report -age 180 -sort cn

All commands OldCmp.exe cited, should be executed  by Command Prompt of a station that is part of Active Directory domain. The user running the command must be part, at least, of the Domain Users group in Active Directory.

In Active Directory domains whose functional level is set to Windows 2003 or later, the attribute lastLogonTimestamp of Active Directory, is used to know when was the last process of authenticating of a computer. lastLogonTimestamp attribute is replicated among all Domain Controllers. To see if the attribute lastLogonTimestamp is aligned on all Domain Controllers in the domain, you can run the command:

repadmin /showattr * <Distinguish_Name_of_Active_Directory_Domain>
 /subtree /filter:"((&(lastLogontimeStamp=*)(objectClass=computer)))"
 /attrs:lastLogontimeStamp > lastLogontimeStamp.txt

For example:

repadmin /showattr * dc=homeworks,dc=it /subtree
 /filter:"((&(lastLogontimeStamp=*)(objectClass=computer)))"
 /attrs:lastLogontimeStamp > lastLogontimeStamp.txt

By editing the file LastLogontimeStamp.txt, you can see if the attribute lastLogonTimestamp is aligned on all Domain Controllers. In the file LastLogontimeStamp.txt, are listed the attributes lastLogonTimestamp of each computer that is recorded on each Domain Controller.

For more information, please read the post of NedPyle called “The LastLogonTimeStamp Attribute” – What it was designed for and how it works

To learn how to raise the functional level of an Active Directory domain, you can see the Microsoft Knowledge Base KB322692.

  1. vfx
    10/05/2013 at 00:20

    I pay a quick visit each day some websites and websites to read content, except this blog offers quality
    based articles.

  2. 28/05/2013 at 09:02

    Thanks designed for sharing such a nice opinion, piece of writing is nice,
    thats why i have read it completely

  3. 30/06/2013 at 08:18

    Hi, I do believe this is a great blog. I stumbledupon it😉 I may revisit once again since i have book marked it.
    Money and freedom is the greatest way to change, may you be rich
    and continue to guide others.

  4. 15/07/2013 at 16:33

    My brother suggested I might like this blog. He was totally right.
    This post actually made my day. You can not imagine
    just how much time I had spent for this info!

    Thanks!

  5. 18/07/2013 at 03:59

    Have you got a Twitter profile that we can become followers of?
    And where can we get more related articles
    that you authored in the past?

  6. 30/07/2013 at 05:06

    This is really attention-grabbing, You’re a very professional blogger. I have joined your rss feed and look ahead to in search of more of your magnificent post. Additionally, I’ve shared your web site in my social networks

  7. 04/10/2013 at 05:13

    Pretty! This has been an extremely wonderful post.
    Thanks for supplying this info.

  8. 18/10/2013 at 18:27

    Hi there all, here every person is sharing these kinds of
    knowledge, thus it’s fastidious to read this website, and I
    used to go to see this blog every day.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: