Active Directory: Find Inactive Computer Accounts
Here’s a little script I wrote recently to find computer accounts that have been inactive (unused) for more than 60 days and are still resident in Active Directory.
The search covers the entire directory subtree, so you shouldn’t miss any. Consider extending the script to automatically delete the accounts it finds.
```vbscript
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Connect to Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Page the results and search the whole subtree below the base DN
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Replace the LDAP path with your own domain.
' whenChanged is updated by any change to the object and is not replicated
' between domain controllers, so it only approximates the last activity.
objCommand.CommandText = _
    "SELECT Name, whenChanged FROM 'LDAP://DC=yourdomain, DC=co, DC=uk' " & _
    "WHERE objectCategory='computer' ORDER BY whenChanged"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

iCount = 1
WScript.Echo "The following machines have not been used on the network in the last 60 days:" & vbLf

' List every computer object whose whenChanged is more than 60 days old
Do Until objRecordSet.EOF
    If objRecordSet.Fields("whenChanged").Value < Now - 60 Then
        WScript.Echo iCount & ": " & objRecordSet.Fields("Name").Value & " - " & objRecordSet.Fields("whenChanged").Value
        iCount = iCount + 1
    End If
    objRecordSet.MoveNext
Loop
```
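One way to stage the clean-up suggested above, as an added example that is not part of the original script. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, swaps `whenChanged` for the replicated `lastLogonTimestamp` attribute, and previews a disable rather than deleting; the search base is the placeholder from the script above.

```powershell
# Added example (not the original author's code). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$DaysInactive = 60
$SearchBase   = 'DC=yourdomain,DC=co,DC=uk'   # placeholder: replace with your domain
$cutoff       = (Get-Date).AddDays(-$DaysInactive)
$cutoffFt     = $cutoff.ToFileTimeUtc()       # lastLogonTimestamp is stored as a FILETIME

# lastLogonTimestamp replicates to every DC but is only refreshed once it is
# roughly 9-14 days old, so the threshold must stay well above that window.
# Accounts that have never logged on have no value at all, hence the second branch.
$query = @{
    SearchBase  = $SearchBase
    SearchScope = 'Subtree'
    LDAPFilter  = "(&(objectCategory=computer)(|(lastLogonTimestamp<=$cutoffFt)(!(lastLogonTimestamp=*))))"
    Properties  = 'lastLogonTimestamp', 'whenCreated', 'Enabled'
}

# Skip accounts created inside the window: a freshly staged machine that has
# not joined yet would otherwise look "inactive".
$stale = Get-ADComputer @query |
    Where-Object { $_.Enabled -and $_.whenCreated -lt $cutoff }

# Report with the timestamp converted to a readable date
$stale |
    Select-Object Name, DistinguishedName, whenCreated,
        @{ Name = 'LastLogon'; Expression = {
            if ($_.lastLogonTimestamp) { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) }
            else { 'never' }
        } } |
    Sort-Object Name |
    Format-Table -AutoSize

# Preview only: -WhatIf prints what would be disabled without changing anything.
# Disabling is reversible; deleting loses the object's SID and group memberships.
$stale | Disable-ADAccount -WhatIf
```

Remove `-WhatIf` once the list has been reviewed, and delete the accounts only after they have stayed disabled for a further period without anyone reporting a problem.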