Computer removal in AD

By DrewDizzle ·
I want to do some housecleaning in AD, and I want to remove any old computer names from the computers list in AD. I cant find anything that does this automatically, so I was thinking I could do this when no one is working...

Turn all computers on the domain off, then delete them from AD. If my assumptions are right, AD would then repopulate itself as I turned the computers back on.. Right?

I dont really care about permissions I had assigned the computers already, as I understand this would be like a new computer to AD..

Please let me know if anyone has any ideas!


This conversation is currently closed to new comments.

20 total posts (Page 2 of 2)   Prev   01 | 02
| Thread display: Collapse - | Expand +

All Answers

Collapse -


by DrewDizzle In reply to If he had proper document ...

Well thanks there guy, in a perfect world you are right. BUT in the real world its not like that. There was no documentation when I took this over recently, so now I have to deal with it and make current lists.

Why dont you try to be helpful instead of making crappy comments that dont help anyone.

Collapse -


by DrewDizzle In reply to Computer removal in AD

Thank you to all who have replied.

I know it seems like a crazy amount of extra work to do it like I suggested.. But as it stands right now, none of the computers are in specific OUs, except for the default Computers OU.. The GP on that OU is mostly undefined, so even if I lost it, it would'nt be that big a deal.

The whole point of me wanting to clean it up, is to put them in specific OUs, and then apply different GPs to the new OUs. (How it should be)

There are about 50 computers here, but like 200 computer names in AD. There are no remote users, and I wouldnt remove any of the critical systems since I know the computer names and they are still active.

I am not saying I think they will rejoin the OUs they are in now, and re-apply GP permissions once I turn the computers back on.

I am just trying for a clean slate as far as OUs and computer names in AD.

Collapse -

Well that clears up a few points

by The Scummy One In reply to Thanks

But removing the computers and just turning them back on will not re-join them to the domain, so you will need to be careful about which are deleted.
Probably the best way is using the script above, or other, that can tell you when each computername was last logged into the AD. If it has been over 4-6 months -- remove it.
the rest, (50 or so) organize as needed without removing them from the AD.

Collapse -

Thank You

by DrewDizzle In reply to Well that clears up a few ...

Thank you, I see what you are saying now. I would have to rejoin all the computers to the domain after removing them from AD. I did have the audit feature on the GP, so I can look at the event log to see the last time it logged into AD.

By the way, there is no helpdesk here, its me.. thats it.

Collapse -

Glad to help

by The Scummy One In reply to Thank You

prevent a nightmare for you

Please mark the helpful answer(s) as helpful. This way if someone has a similar issue, they may not have to post a new question, but just review which items worked.

You can mark multiple answers as helpful if there were multiple answers that helped.

Thank You

Collapse -

Just a pointer or two

by MAEX In reply to Well that clears up a few ...

Find User and Computer Accounts based on Last Logon Date Time

Last Login Script

There are pleeennntttyyyyyy of good working examples out there. Just adapt.

Collapse -

Might try playing with some of these

by seanferd In reply to Thanks

Collapse -

Inactive users tracker

by ITsteve13 In reply to Computer removal in AD

Check out a tool called Netwrix Inactive user tracker, it has an option to track stake computer account. Another tool is True Last Logon. Plus several bigger general purpose AD reporting products have reports for this.

Collapse -


by Lepide In reply to Computer removal in AD

what you are talking about s the user management.
try the script:
On Error Resume Next

Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("c:\Files\ws.txt", ForReading)

Do Until objTextFile.AtEndOfStream
strComputer = objTextFile.Readline

Set objComputer = GetObject("LDAP://CN=" & strComputer & _
"," & "OU=WorkStations,DC=myCompany,DC=com")
objComputer.DeleteObject (0)
If Err.Number = 0 Then
WScript.Echo "Deleted computer " & strComputer & " from AD"
Elseif Err.Number <> 0 Then
WScript.Echo "Unable To delete computer " & strComputer
End If

Set objTextFile = Nothing
Set objFSO = Nothing
Set objComputer = Nothing
Set objContainer = Nothing

Wscript.Echo "Done"

or u can go for some AD tools like:

Back to Desktop Forum
20 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums