Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Remove orphaned computer accounts from AD?
Remove orphaned computer accounts from AD? [message #160504] Mon, 31 August 2009 11:22 Go to next message
Newbie  is currently offline Newbie  Canada
Messages: 86
Registered: July 2009
Member
Trying to remove some old computer accounts from AD, is it safe to assume if
the last modified date is more than a year, they are safe to remove?

Thanks.
Re: Remove orphaned computer accounts from AD? [message #160507 is a reply to message #160504] Mon, 31 August 2009 11:34 Go to previous messageGo to next message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

Newbie schrieb:
> Trying to remove some old computer accounts from AD, is it safe to
> assume if the last modified date is more than a year, they are safe to
> remove?

I'd check for the "pwdLastSet" attribute as computer clients sort of
renew their secure channel passwords with DCs every 30 days. If they
haven't changed them in a while, it's safe to say that they haven't
connected to the corpnet for a while.

Have a look at joe's "oldCMP" tool on joeware.net. It actually does that
job for you and even generates you an HTML list with all machines that
haven't renewed their passwords the last xxx (configurable) days.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Remove orphaned computer accounts from AD? [message #160512 is a reply to message #160507] Mon, 31 August 2009 12:40 Go to previous messageGo to next message
Newbie  is currently offline Newbie  Canada
Messages: 86
Registered: July 2009
Member
Thank you Florian for the link, much appreciated.


"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in
message news:e9KTYGmKKHA.4168@TK2MSFTNGP05.phx.gbl...
> Howdie!
>
> Newbie schrieb:
>> Trying to remove some old computer accounts from AD, is it safe to assume
>> if the last modified date is more than a year, they are safe to remove?
>
> I'd check for the "pwdLastSet" attribute as computer clients sort of renew
> their secure channel passwords with DCs every 30 days. If they haven't
> changed them in a while, it's safe to say that they haven't connected to
> the corpnet for a while.
>
> Have a look at joe's "oldCMP" tool on joeware.net. It actually does that
> job for you and even generates you an HTML list with all machines that
> haven't renewed their passwords the last xxx (configurable) days.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Remove orphaned computer accounts from AD? [message #160513 is a reply to message #160504] Mon, 31 August 2009 12:51 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Newbie,

As Florian stated OldCmp is the easiest and a free solution. It works fine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Trying to remove some old computer accounts from AD, is it safe to
> assume if the last modified date is more than a year, they are safe to
> remove?
>
> Thanks.
>
Previous Topic:Replaced domain controller...
Next Topic:why network logon fallback to NTLM using anonymous account?
Goto Forum:
  


Current Time: Tue Jan 16 10:41:52 MST 2018

Total time taken to generate the page: 0.02235 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software