RE: [ActiveDir] inactive computers question

[Coleman, Hunter]

pwdLastSet is a replicated attribute. Within the limits of replication latency, he should be getting the same value regardless of the DC he happens to query.   The lastLogon attribute (available in 2000) is not replicated, so if the scripts use that to determine inactive computers then they'll need to loop through all of the DCs to get the most recent value. From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Monday, December 22, 2003 9:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] inactive computers question though I haven't used dsquery this way before, i think I can hazard a simple theory as to why you are getting inconsistent reports. Since pwdLastSet is not replicated among DCs, the values will be DIFFERENT across all you DCs. There is no magical way to determine which DC has the most current value for a specific non-replicated attribute.    Richard Mueller (http://www.rlmueller.net/) has a very handy script that loops thru ALL your DCs and get the most current pwdLastSet value. I think this would be a better option.     Sincerely, D�j� Ak�m�l�f�, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: Rich Milburn Sent: Mon 12/22/2003 7:59 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] inactive computers question I know that dsquery and dsrm are good for AD2003 environments to find and remove inactive computer accounts in AD, as is Robbie's script.  Someone on the SMS list has AD 2000 though, dsquery doesn't work, and Robbie's script is returning nothing.  Even if the info is not easily convertible to a date, seems like you should be able to sort by a column in a csvde export and see the same information - i.e. sort by pwdLastSet?  Any ideas?  It looked like lastLogonTimestamp might be a good one... but alas that's new with 2003 so that's no good for him.  The main source of my confusion is that dsquery and a sort by pwdLastSet do not show the same computers as being inactive the longest.   Thanks Rich -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.