Finding Inactive or Unused Computers
Not always a computer is removed from Active Directory when it is decommissioned. The result is that after a while of time, the contents of Active Directory is no longer aligned with the state of company. To find inactive computers that are still present in Active Directory, you can use different techniques.
If the Active Directory functional level is set to Windows 2003 or higher, then you can use the command dsquery.exe This command is present on all Domain Controllers, or on all Windows 7 workstations.
The following query will locate all inactive computers in the current forest:
dsquery computer forestroot -inactive <NumWeeks>
Where <NumWeeks> indicates the number of weeks of inactivity (i.e 84 days = 12 weeks, 175 days = 25 weeks).
You can also use domainroot in combination with the -d option to query a specific domain:
dsquery computer domainroot -d <DomainName> -inactive <NumWeeks>
for example:
dsquery computer domainroot -d homeworks.it -inactive 25
You can target your query at a specific container (i.e. ou=MyComputers,dc=homeworks,dc=it):
dsquery computer ou=MyComputers,dc=homeworks,dc=it -inactive <NumWeeks>
All commands dsquery.exe cited, should be executed by Command Prompt of a workstation that is part of Active Directory domain. The user running the command must be part, at least, of the Domain Users group in Active Directory.
If the domain functional level of Active Directory is not set to Windows 2003 or higher, you can use the command OldCmp.exe written by Joeware. By default, the command OldCmp.exe research workstations that are not connected to an Active Directory domain for more than 90 days.
To get the list of workstations that do not connect to the domain for more than 90 days in HTML format, just run the command (the list is sorted by Computer Name):
oldcmp -report -sort cn
To get the same list in CSV format, you should run the command:
oldcmp -report -format csv -sort cn
To get list of workstations that do not connect to a domain for more than 180 days, just run the command:
oldcmp -report -age 180 -sort cn
All commands OldCmp.exe cited, should be executed by Command Prompt of a station that is part of Active Directory domain. The user running the command must be part, at least, of the Domain Users group in Active Directory.
In Active Directory domains whose functional level is set to Windows 2003 or later, the attribute lastLogonTimestamp of Active Directory, is used to know when was the last process of authenticating of a computer. lastLogonTimestamp attribute is replicated among all Domain Controllers. To see if the attribute lastLogonTimestamp is aligned on all Domain Controllers in the domain, you can run the command:
repadmin /showattr * <Distinguish_Name_of_Active_Directory_Domain> /subtree /filter:"((&(lastLogontimeStamp=*)(objectClass=computer)))" /attrs:lastLogontimeStamp > lastLogontimeStamp.txt
For example:
repadmin /showattr * dc=homeworks,dc=it /subtree /filter:"((&(lastLogontimeStamp=*)(objectClass=computer)))" /attrs:lastLogontimeStamp > lastLogontimeStamp.txt
By editing the file LastLogontimeStamp.txt, you can see if the attribute lastLogonTimestamp is aligned on all Domain Controllers. In the file LastLogontimeStamp.txt, are listed the attributes lastLogonTimestamp of each computer that is recorded on each Domain Controller.
For more information, please read the post of NedPyle called “The LastLogonTimeStamp Attribute” – What it was designed for and how it works
To learn how to raise the functional level of an Active Directory domain, you can see the Microsoft Knowledge Base KB322692.
I pay a quick visit each day some websites and websites to read content, except this blog offers quality
based articles.
Thanks designed for sharing such a nice opinion, piece of writing is nice,
thats why i have read it completely
Hi, I do believe this is a great blog. I stumbledupon it 😉 I may revisit once again since i have book marked it.
Money and freedom is the greatest way to change, may you be rich
and continue to guide others.
My brother suggested I might like this blog. He was totally right.
This post actually made my day. You can not imagine
just how much time I had spent for this info!
Thanks!
Have you got a Twitter profile that we can become followers of?
And where can we get more related articles
that you authored in the past?
This is really attention-grabbing, You’re a very professional blogger. I have joined your rss feed and look ahead to in search of more of your magnificent post. Additionally, I’ve shared your web site in my social networks
Pretty! This has been an extremely wonderful post.
Thanks for supplying this info.
Hi there all, here every person is sharing these kinds of
knowledge, thus it’s fastidious to read this website, and I
used to go to see this blog every day.