Hack 17 Retrieve the List of Old Domain Computer Accounts

Previous page
Table of content
Next page
 < Day Day Up > 

figs/beginner.gif figs/hack17.gif

Finding inactive computer accounts in Active Directory is a choreunless, of course, you script it .

If you need to quickly retrieve a list of old (inactive) computer accounts in the domain, VBScript is your utility of choice. The script in this hack first asks for the domain name (Figure 2-1), then prompts for the number of days for active computer accounts (Figure 2-2), and then, finally, displays the old computer accounts that are found in the domain.

Figure 2-1. Specifying the name of your domain
figs/wsh_0201.gif
Figure 2-2. Specifying number of days for cutoff
figs/wsh_0202.gif

The computer accounts shown have not been active during the days you specified. For example, when we run the script we can see that the computer account for the machine named SRV111 has a password whose age is beyond the cutoff, so the script recommends that you delete this account to be safe (Figure 2-3).

Figure 2-3. Recommending an account that should be deleted
figs/wsh_0203.gif

This is a great, quick way to find those computers that could be having trouble authenticating, or those that have been brought down but remain in the domain's list.

The Code

Type the following code into Notepad (make sure Word Wrap is turned off), and save it with a .vbs extension as DeleteOldComputers.vbs : 

 On Error Resume Next DomainString=Inputbox("Enter the domain name","Check Active Computers","DomainName") if DomainString="" then wscript.echo "No domain specified or script cancelled." wscript.quit end if numDays=InputBox("What is the number of days to use as a cutoff for" & _ "Active Computer Accounts?","Check Active Computers","XX") if numDays="" then wscript.echo "No cutoff date specified or script cancelled." wscript.quit end if Set DomainObj = GetObject("WinNT://"&DomainString) if err.number<>0 then wscript.echo "Error connecting to " & DomainString  wscript.quit end if DomainObj.Filter = Array("computer") Wscript.echo "Computer Accounts in " & DomainString & " older than " & _ numDays & " days." For each Computer in DomainObj Set Account = GetObject("WinNT://" & DomainString & "/" & Computer.Name & _  "$") RefreshTime = FormatNumber((Account.get("PasswordAge"))/86400,0) If CInt(RefreshTime) >= CInt(numDays) Then wscript.echo "**DELETE** " & Computer.Name & " Password Age is " & _ RefreshTime & " days." End If Next set DomainObj=Nothing set Shell=Nothing Wscript.quit

Running the Hack

To run this script, use Cscript.exe , the command-line script engine for the Windows Script Host (WSH). Here's some sample output when the script is run to delete computer accounts older than 90 days in the MTIT domain: 

 C:\>  cscript.exe DeleteOldComputers.vbs  Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. Computer Accounts in mtit older than 90 days. **DELETE** NEWTEST1 Password Age is 151 days. **DELETE** QWER Password Age is 151 days. **DELETE** SRV211 Password Age is 97 days. **DELETE** SRV212 Password Age is 154 days.

Rod Trent

 < Day Day Up > 

Previous page
Table of content
Next page
Windows Server Hacks
Windows Server Hacks
ISBN: 0596006470
EAN: 2147483647
Year: 2004
Pages: 163
Authors: Mitch Tulloch
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Qshell for iSeries
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Inside Network Security Assessment: Guarding Your IT Infrastructure
Special Edition Using Crystal Reports 10
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy