lewisroberts.com

Active Directory: Find Inactive Computer Accounts

Here’s a little script I wrote recently to find computer accounts that have been inactive (unused) for more than 60 days and are still resident in Active Directory.

The computers are searched for throughout the entire directory so you shouldn’t miss any. Consider extending this script to automatically delete accounts found by this script.

On Error Resume NextConst ADS_SCOPE_SUBTREE = 2


Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provifder = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT Name, whenChanged FROM 'LDAP://DC=yourdomain, DC=co, DC=uk' WHERE objectCategory='computer' ORDER by whenChanged"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
iCount = 1
WScript.Echo "The following machines have not been used on the network in the last 60 days:" & vbLf

Do Until objRecordSet.EOF If objRecordSet.Fields("whenChanged").Value < Now - 60 Then WScript.Echo iCount & ": " & objRecordSet.Fields("Name").Value & " - " & objRecordSet.Fields("whenChanged").Value iCount = iCount + 1 End If objRecordSet.MoveNext Loop

This entry was posted on Friday, February 24th, 2006 at 10:51 and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Active Directory: Find Inactive Computer Accounts

Leave a Reply