September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
8.8. Finding Inactive or Unused Computers
Problem
You want to find inactive computer accounts in a domain.
Solution
Warning
These solutions only apply to Windows-based machines. Other types of machines (e.g., Unix) that have accounts in Active Directory may not update their login timestamps or passwords, which are used to determine inactivity.
Using a command-line interface
The following query will locate all inactive computers in the current forest:
> dsquery computer forestroot -inactive <NumWeeks>You can also use
domainroot
in
combination with the -d option to query a specific
domain:
> dsquery computer domainroot -d <DomainName> -inactive <NumWeeks>
or you can target your query at a specific container:
> dsquery computer ou=MyComputers,dc=rallencorp,dc=com -inactive <NumWeeks>Tip
This can only be run against a Windows Server 2003 domain functional level or higher domain.
Using Perl
#!perl #----------------------- # Script Configuration #----------------------- # Domain and container/OU to check for inactive computer accounts my $domain = 'amer.rallencorp.com'; # set to empty string to query entire domain my $computer_cont = 'cn=Computers,'; # Number of weeks used to find inactive computers my $weeks_ago = 30; #----------------------- # End Configuration #----------------------- use strict; use Win32::OLE; $Win32::OLE::Warn = 3; use Math::BigInt; # Must convert the number of seconds since $weeks_ago # to a large integer for comparison against lastLogonTimestamp my $sixmonth_secs = time ...