Solved: Active Directory - Cleanup Stale Machine Accounts Windows 2000 AD

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Hobbs13

Thread Starter
Joined
Jun 24, 2005
Messages
6
QUESTION: Is there a reliable cleanup tool to remove old computer accounts in win2k AD? If so, where do I get it and more info?

Why do I ask.... Well....

We just finished successfully installing SMS 2003 in our domain.
So, we are running our first discovery. In doing this, we are receiving quite a few warnings.

These warning are being generated because SMS is comparing our active directory to the machines it finds on the network.
If it can’t find the machine, but it exists in AD, it returns a warning.
In some cases, the machine is just not turned on.
However, I am sure, many more of these warnings refer to machine accounts that have long been gone from our network, but still exist in active directory.

One way this happens is this: A tech picks up a machine with software issues. Instead of disjoining the domain right away (which would remove the machine account) he/she reformats the machine and joins the domain under a different machine name. Now the old one still exists in AD. Over time things like this build up & get messy.

So, I ask again:
Is there a reliable cleanup tool to remove old computer accounts in win2k AD? If so, where do I get it and more info?
 

Hobbs13

Thread Starter
Joined
Jun 24, 2005
Messages
6
I was hoping for a much more in depth answer.
Yes, the deletion of accounts would be done in the MMC, but I need a cleanup tool to IDENTIFY the stale machine accounts for me. Does such a tool exisit for Windows 2000 AD? Where do I get more info?
 

Hobbs13

Thread Starter
Joined
Jun 24, 2005
Messages
6
I was finally able to discover an AD cleanup method for stale computer accounts in a Windows 2000 AD.

Since we have one 2003 server in our environment (Our SMS 2003 Server), we loaded the 2003 admin pack to that machine.

We were then able to query our Windows 2000 active directory (SP3 required) using the dsquery command.

To display stale computer accounts:
dsquery computer DC=YOURDOMAINNAME,dc=com -stalepwd 45

If you want to delete the accounts, you pipe the results to DSRM:
dsquery computer DC=YOURDOMAINNAME,dc=com -stalepwd 45 | dsrm -noprompt

Not only is our AD much cleaner, our SMS console is free of stale accounts as well.

Here is a link to another site with some additional information on the filtering capabilities of DSQUERY:

More on DSQUERY attribute filtering - http://www.jsifaq.com/SUBP/TIP7700/rh7717.htm

Good Luck ALL
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top