SG Windows IT Pro Group

Hi Guys,

I came across this question today by one of my colleague "Is there anyways to automate the removal of computer names after dis-joining from domain?"

It really struck me and pretty hard for me to answer. Typically, i will manual remove the old computer name and then. move to the specified OU.

Is there really ways to automate this process?

If you dis-joined a computer from domain, you can disable it. THen it will show as disabled computer.

Else, you can use some scripts and commands to check the computer last login age. If you determine that any computer not logon to domain for more than 30 days as dis-joined computers. Then you can delete any computer with last logon age older than 30 days.

orangedeuce:

If you dis-joined a computer from domain, you can disable it. THen it will show as disabled computer.

Else, you can use some scripts and commands to check the computer last login age. If you determine that any computer not logon to domain for more than 30 days as dis-joined computers. Then you can delete any computer with last logon age older than 30 days.

Thanks orangedeuce for the prompt reply.

However, disabling still required manual work and as for script to determine which computer not logon for more than 30 days after dis-joining from domain and then auto removal from AD is pretty risky too.

Nonetheless, thanks. Guess i will do it the manual way of disable > delete > move

Hi DTH,

There is a nice tool that can help you carry out this maintenance tasks: oldcmp.

Refer to following link for more information:

http://www.joeware.net/freetools/tools/oldcmp/index.htm

Yep, OldCmp should be able to delete inactive computer objects. Or you can write a VB script or a Powershell script (with the use of the Quest AD cmdlets). Or, you can give the DSQUERY + DSRM tools a try (the usual "use these at your own risk blah blahs" apply). To delete all computer objects which have been inactive for the past 20 weeks:

dsquery computer -inactive 20 | dsrm