لطفا منتظر باشید ...
Hack 17 Retrieve the List of Old Domain Computer Accounts
Finding inactive computer accounts in Active
Directory is a choreunless, of course, you script
it.
If you need to quickly retrieve a list
of old (inactive) computer accounts in the domain, VBScript
is your utility of choice. The script
in this hack first asks for the domain name (Figure 2-1), then prompts for the number of days for
active computer accounts (Figure 2-2), and then,
finally, displays the old computer accounts that are found in the
domain.
Figure 2-1. Specifying the name of your domain
Figure 2-2. Specifying number of days for cutoff
The computer accounts shown have not been active during the days you
specified. For example, when we run the script we can see that the
computer account for the machine named SRV111 has a password whose
age is beyond the cutoff, so the script recommends that you delete
this account to be safe (Figure 2-3).
Figure 2-3. Recommending an account that should be deleted
This is a great, quick way to find those computers that could be
having trouble authenticating, or those that have been brought down
but remain in the domain's list.
The Code
Type the following code into
Notepad (make sure Word Wrap is turned off), and save it with a
.vbs extension as
DeleteOldComputers.vbs:
On Error Resume Next
DomainString=Inputbox("Enter the domain name","Check Active Computers","DomainName")
if DomainString=" then
wscript.echo "No domain specified or script cancelled."
wscript.quit
end if
numDays=InputBox("What is the number of days to use as a cutoff for" & _
"Active Computer Accounts?","Check Active Computers","XX")
if numDays=" then
wscript.echo "No cutoff date specified or script cancelled."
wscript.quit
end if
Set DomainObj = GetObject("WinNT://"&DomainString)
if err.number<>0 then
wscript.echo "Error connecting to " & DomainString
wscript.quit
end if
DomainObj.Filter = Array("computer")
Wscript.echo "Computer Accounts in " & DomainString & " older than " & _ numDays & " days."
For each Computer in DomainObj
Set Account = GetObject("WinNT://" & DomainString & "/" & Computer.Name & _ "$")
RefreshTime = FormatNumber((Account.get("PasswordAge"))/86400,0)
If CInt(RefreshTime) >= CInt(numDays) Then
wscript.echo "**DELETE** " & Computer.Name & " Password Age is " & _ RefreshTime & " days."
End If
Next
set DomainObj=Nothing
set Shell=Nothing
Wscript.quit
Running the Hack
To run this script, use Cscript.exe, the
command-line script engine for the Windows Script Host (WSH).
Here's some sample output when the script is run to
delete computer accounts older than 90 days in the MTIT domain:
C:\>cscript.exe DeleteOldComputers.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Computer Accounts in mtit older than 90 days.
**DELETE** NEWTEST1 Password Age is 151 days.
**DELETE** QWER Password Age is 151 days.
**DELETE** SRV211 Password Age is 97 days.
**DELETE** SRV212 Password Age is 154 days.
Rod Trent
