eyeball Posted May 6, 2006 Share Posted May 6, 2006 Hi all,i have a question, do computer accounts in active directory get deleted automatically after a set period of time if that computer has been removed from the network? thanks Link to comment Share on other sites More sharing options...
Grunth0s Posted May 6, 2006 Share Posted May 6, 2006 Not that I am aware of....I don't ever recall seeing an expiry option on a computer account... Link to comment Share on other sites More sharing options...
eyeball Posted May 6, 2006 Author Share Posted May 6, 2006 its just a thought that i had.. you know like in dns you can scavenge for stale records? i wondered if there was a similar sort of thing in AD, thanks for the reply tho Link to comment Share on other sites More sharing options...
fizban2 Posted May 6, 2006 Share Posted May 6, 2006 computer accounts will stay there for ever, just like and AD object until you purposelly delete it Link to comment Share on other sites More sharing options...
eyeball Posted May 7, 2006 Author Share Posted May 7, 2006 thanks fizban,i think there should at least be an option for you to enable if you wish for a computer account to be deleted after a set period of time, that would be good.oh well, roll on longhorn server Link to comment Share on other sites More sharing options...
JohnGruhn Posted May 7, 2006 Share Posted May 7, 2006 You can automate the process using dsquery and dsrm. Run from the command promptdsquery computer -inactive X >InactComps.txt where X is the number of weeks of inactivty you want to check for. After you check this file place a ";" at the end of each line using search and replace. Then run the following command line to delete them. for /f "delims=;" %i in (InactComps.txt) do dsrm -noprompt %iThis same procedure can also be used for users; just replace computer with user and you get a similar list of inactive users. Link to comment Share on other sites More sharing options...
fizban2 Posted May 7, 2006 Share Posted May 7, 2006 think there should at least be an option for you to enable if you wish for a computer account to be deleted after a set period of time, that would be good.oh well, roll on longhorn server just checked longhorn server, not there either.... though that will be good feedback for it, users accounts can be disabled after a certain length of time, that would be a better option anway the users account is more dangerous then the computer account. Link to comment Share on other sites More sharing options...
eyeball Posted May 8, 2006 Author Share Posted May 8, 2006 yeah your right fizban, and thanks ever so much johngruhn! i could automate this with a batch to run every few weeks Link to comment Share on other sites More sharing options...
panzer Posted January 15, 2008 Share Posted January 15, 2008 You can automate the process using dsquery and dsrm. Run from the command promptdsquery computer -inactive X >InactComps.txt where X is the number of weeks of inactivty you want to check for. After you check this file place a ";" at the end of each line using search and replace. Then run the following command line to delete them. for /f "delims=;" %i in (InactComps.txt) do dsrm -noprompt %iThis same procedure can also be used for users; just replace computer with user and you get a similar list of inactive users.when i tried to exicute the first code i got the foloowing output from the cmd:C:\Documents and Settings\administrator>DSQUERY COMPUTER -INACTIVE 4 >INACTAOMPS.TXTdsquery failed:The parameter is incorrect.:Windows could not run this query because you are connected to a domain that does not support this query.type dsquery /? for help. Link to comment Share on other sites More sharing options...
cluberti Posted January 29, 2008 Share Posted January 29, 2008 Computer objects (any objects, actually) don't delete automatically, ever. If you remove a machine from the domain successfully, the object should become a tombstone object and go away after a set time period (see below), but if it is unsuccessful or you just rebuild or down the box permanently without removing it from the domain properly, that object will not go away, ever, on it's own.Objects that are deleted are actually stored for 60 or 180 days even after deletion (60 days 2003 pre-SP1 and older AD, 180 days 2003 SP1 and later) until garbage collection wipes them out for good. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now