I had the same problem at a major automaker... I got over it and started cleaning as I was seeing tens of thousands of bad machine accounts PER domain. Local admins were good at adding machines, no impetus to remove them when done. Again the disable helps out a lot, disable them and if they need them back they can reenable them. I actually added a web site for the general support site that would allow a local site admin to create a report of the machine accounts that should be cleaned up. In the backend it was a perl script that called oldcmp and sent back the web page that was produced. I didn't push joeware internally except for my group though I didn't prevent anyone from using it as well if they cared enough to look for it.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Sunday, October 24, 2004 4:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Centralized vs. decentralized administration Joe, I have and use oldcmp and I love it. The problem is we have delegated management of computers to division IT staff. I am reluctant to go in and remove these computers from their OU's for them. Although I am about to get over this as they are getting very sloppy. Dennis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, October 24, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Centralized vs. decentralized administration Dennis, check this out... http://www.joeware.net/win/free/tools/oldcmp.htm The tool has several functions, from report only, to clean up. The clean up will not directly delete accounts, it will force you to disable them first. I recommend leaving them disabled for a few weeks or months and then swing back through and delete the deleted accounts. The tool really forces you to tell it to disable or delete so you shouldn't be too worried about bad things happening by accident. I tried to prevent that as best as possible to the point that some people have complained how many switches they need to actually hurt something. If you still have fear though, run it as a normal userid to get the reports. I have seen several companies that use this tool to reduce the size of their AD substantially. If you have some 10k dead accounts in Active Directory, think of the DIT growth you have that you don't need for new computers... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Thursday, October 21, 2004 11:15 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Centralized vs. decentralized administration <SNIP> Computers go into AD, but are never removed. I have not found an effective way to address this problem yet. (Primarily because it has not yet become a pain point.) I could delete old computers from the OUSs, but I am reluctant to do this yet. <SNIP> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
