8.8. Finding Inactive or Unused Computers

Problem

You want to find inactive computer accounts in a domain.

Solution

Warning

These solutions only apply to Windows-based machines. Other types of machines (e.g., Unix) that have accounts in Active Directory may not update their login timestamps or passwords, which are used to determine inactivity.

Using a command-line interface

The following query will locate all inactive computers in the current forest:

> dsquery computer forestroot -inactive <NumWeeks>

You can also use domainroot in combination with the -d option to query a specific domain:

> dsquery computer domainroot -d <DomainName> -inactive <NumWeeks>

Or you can target your query at a specific container:

> dsquery computer ou=MyComputers,dc=rallencorp,dc=com -inactive <NumWeeks>

Tip

This can only be run against a domain at the Windows Server 2003 domain functional level or higher.

Using Perl

#!perl
#-----------------------
# Script Configuration
#-----------------------
# Domain and container/OU to check for inactive computer accounts
my $domain = 'amer.rallencorp.com';
# set to empty string to query entire domain
my $computer_cont = 'cn=Computers,';
# Number of weeks used to find inactive computers
my $weeks_ago = 30;
#-----------------------
# End Configuration
#-----------------------
use strict;
use Win32::OLE;
$Win32::OLE::Warn = 3;
use Math::BigInt;

# Must convert the number of seconds since $weeks_ago
# to a large integer for comparison against lastLogonTimestamp
my $sixmonth_secs = time ...
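The large-integer conversion that the script's last comment describes, as an added example in Python so it runs without a domain controller; it is not the book's code. The function names, the host names in the sample records, and the choice to also flag accounts that have no lastLogonTimestamp at all are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC;
# lastLogonTimestamp is stored in this format as a 64-bit integer.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """Convert a timezone-aware datetime to FILETIME ticks using integer math."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def cutoff_ticks(weeks, now):
    """FILETIME value for the moment `weeks` weeks before `now`."""
    return to_filetime(now - timedelta(weeks=weeks))

def inactive_filter(weeks, now):
    """LDAP filter for computers whose last logon is at or before the cutoff.
    Objects with no lastLogonTimestamp do not match a <= comparison, so
    never-used accounts are matched by the explicit absence test."""
    c = cutoff_ticks(weeks, now)
    return ("(&(objectCategory=computer)"
            f"(|(lastLogonTimestamp<={c})(!(lastLogonTimestamp=*))))")

def classify(records, weeks, now):
    """Label each record 'active', 'inactive' or 'never-logged-on'."""
    c = cutoff_ticks(weeks, now)
    out = {}
    for rec in records:
        raw = rec.get("lastLogonTimestamp")  # directory tools often return a string
        if raw is None or int(raw) == 0:
            out[rec["name"]] = "never-logged-on"
        else:
            out[rec["name"]] = "inactive" if int(raw) <= c else "active"
    return out

# Constructed sample data (hypothetical host names); fixed clock for repeatability.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "WKS-ACTIVE$", "lastLogonTimestamp": str(to_filetime(NOW - timedelta(weeks=2)))},
    {"name": "WKS-STALE$", "lastLogonTimestamp": str(to_filetime(NOW - timedelta(weeks=40)))},
    {"name": "SRV-UNUSED$"},  # attribute absent: account created but never used
]

if __name__ == "__main__":
    print(inactive_filter(30, NOW))
    for name, status in classify(SAMPLE, 30, NOW).items():
        print(f"{name:14} {status}")
```

By default, lastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old, so cutoffs of a few weeks or less are unreliable. Review never-logged-on results before disabling anything, since a freshly pre-staged account looks the same as an abandoned one.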
