Jump to content

computer account expiration in AD?


 Share

Recommended Posts

Hi all,

i have a question, do computer accounts in active directory get deleted automatically after a set period of time if that computer has been removed from the network?

thanks :D

Link to comment
Share on other sites


thanks fizban,

i think there should at least be an option for you to enable if you wish for a computer account to be deleted after a set period of time, that would be good.

oh well, roll on longhorn server :)

Link to comment
Share on other sites

You can automate the process using dsquery and dsrm. Run from the command prompt

dsquery computer  -inactive X >InactComps.txt

where X is the number of weeks of inactivty you want to check for. After you check this file place a ";" at the end of each line using search and replace. Then run the following command line to delete them.

for /f "delims=;" %i in (InactComps.txt) do dsrm -noprompt %i

This same procedure can also be used for users; just replace computer with user and you get a similar list of inactive users.

Link to comment
Share on other sites

think there should at least be an option for you to enable if you wish for a computer account to be deleted after a set period of time, that would be good.

oh well, roll on longhorn server

:) just checked longhorn server, not there either.... though that will be good feedback for it, users accounts can be disabled after a certain length of time, that would be a better option anway the users account is more dangerous then the computer account.

Link to comment
Share on other sites

  • 1 year later...
You can automate the process using dsquery and dsrm. Run from the command prompt

dsquery computer  -inactive X >InactComps.txt

where X is the number of weeks of inactivty you want to check for. After you check this file place a ";" at the end of each line using search and replace. Then run the following command line to delete them.

for /f "delims=;" %i in (InactComps.txt) do dsrm -noprompt %i

This same procedure can also be used for users; just replace computer with user and you get a similar list of inactive users.

when i tried to exicute the first code i got the foloowing output from the cmd:

C:\Documents and Settings\administrator>DSQUERY COMPUTER -INACTIVE 4 >INACTAOMPS
.TXT
dsquery failed:The parameter is incorrect.:Windows could not run this query beca
use you are connected to a domain that does not support this query.
type dsquery /? for help.

Link to comment
Share on other sites

  • 2 weeks later...

Computer objects (any objects, actually) don't delete automatically, ever. If you remove a machine from the domain successfully, the object should become a tombstone object and go away after a set time period (see below), but if it is unsuccessful or you just rebuild or down the box permanently without removing it from the domain properly, that object will not go away, ever, on it's own.

Objects that are deleted are actually stored for 60 or 180 days even after deletion (60 days 2003 pre-SP1 and older AD, 180 days 2003 SP1 and later) until garbage collection wipes them out for good.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...