Here's the cituation. I've got a win2003 based active directory at work and I'd like to audit computer accounts on our domain. I'm looking for a way to safely delete computer accounts that haven't been used in a long time. When building out new machines, computer accounts get created but sometimes they don't get manually deleted when formating a box. You end up with dead computer accounts in Active Directory.
When logging into a domain, doesn't active directory check username, password and checks if the PC has a valid account in AD? There's gotta be a way to generate some kind of list from AD with the latest date and time each computer account in a given domain has been used in the authentication process. I've seen VB Scripts out there, but I'm looking for a windows based tool to use to do this. Maybe some kind of AD search? An audit policy? Security logs? Something! Any ideas? I can't possibly be the first IT guy to run accross this dilema.
Frankenputer
dutrizacd@hotmail.com
When logging into a domain, doesn't active directory check username, password and checks if the PC has a valid account in AD? There's gotta be a way to generate some kind of list from AD with the latest date and time each computer account in a given domain has been used in the authentication process. I've seen VB Scripts out there, but I'm looking for a windows based tool to use to do this. Maybe some kind of AD search? An audit policy? Security logs? Something! Any ideas? I can't possibly be the first IT guy to run accross this dilema.
Frankenputer
dutrizacd@hotmail.com
Facebook
Twitter