Auto Delete from AD

Discussion in 'Server Security' started by mutsa, Oct 11, 2004.

  1. mutsa

    mutsa Guest

    Does any one know if there is an automatic way to scavenge and delete the
    accounts of machines that have been taken permanently off-line but have not
    been cleanly removed from the domain.

    For example a machine is built using RIS which will automatically add that
    client to AD. After that the user removes the machine from the network to
    make it stand-alone, but does not inform me. I would like that machines
    account to be either deleted automatically from AD after a set period of
    time of say 60 days or disabled somehow.

    Is this possible and can anyone help.

    MMMSD
     
    mutsa, Oct 11, 2004
    #1
    1. Advertisements

  2. mutsa

    Mark Gamache Guest

    Mark Gamache, Oct 12, 2004
    #2
    1. Advertisements

  3. mutsa

    mutsa Guest

    There are two wars to answer this question, one is to upgrade to W2K3 and
    use the DS** commands

    Or

    Use a Joe ware tool that does a similar sort of thing.

    Thank you for your help
     
    mutsa, Oct 13, 2004
    #3
  4. What you can do is to have some sort of script that scan AD regularly for
    such computer accounts by leveraging the pwdLastSet attribute. It basically
    identifies stale computer accounts based on the number of days since the
    computer account has logged on to the domain. Or you can use the lastlogon
    attribute. Because the LastLogon attribute is not replicated, every Domain
    Controller in the domain must be queried to find the latest LastLogon date
    for each computer.

    I would recommend simply disabling the identified accounts for a period of
    time prior to deletion. This would give you a pre-determined window of time
    for improperly identified machines to be re-enabled.

    Zunquan Wang [MSFT]

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Zunquan Wang [MSFT], Oct 15, 2004
    #4
  5. Joe Richards [MVP], Oct 16, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.