You can check to see when a computer last refreshed its computer account password. Greater than 30 days would indicate that the machine probably doesn't exist anymore, or is not connected to the network.
That said, sorting this out really means sorting out your processes. AD doesn't get this way in the first place unless you don't have processes.

Cheers
Ken

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Thursday, 4 September 2008 1:44 AM
To: NT System Admin Issues
Subject: AD maintenance?

How do you guys with larger orgs handle keeping AD tidy and not having a bunch of non-existent system, user and group accounts? I work for a mid-size org and am almost certainly the only Systems Engineer here who is willing to take the time to try and maintain AD.

If I do an AD query of systems with "description has a value" I come up with 191 objects. A search of computers with "description has a no value" comes up with 811, and since NWEA has ~250 employees and 140-ish servers I'm pretty sure there is a ton of clutter in there. Ferreting out the invalid desktops/laptops is the bigger issue of the two.

Suggestions?

David Lum
SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION
[EMAIL PROTECTED] // 971.222.1025
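
One way to run the password-age check described in the reply above, as an added example that is not part of the original thread. `Find-StaleComputer` is a hypothetical helper name, the sample machine names and dates are constructed, and the commented live query assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example: report computer accounts whose machine password is older than a cutoff.
# Find-StaleComputer is a hypothetical helper; the 30-day default comes from the reply.
function Find-StaleComputer {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Computer,
        [int] $MaxAgeDays = 30,
        [datetime] $Now = (Get-Date)
    )
    process {
        # PasswordLastSet is empty when the account was pre-created but never joined.
        $set = $Computer.PasswordLastSet
        $age = $null
        if ($null -ne $set) {
            $age = [int][math]::Floor(($Now - $set).TotalDays)
        }
        # Emit a report row only for accounts that are over the cutoff or never set.
        if ($null -eq $set -or $age -gt $MaxAgeDays) {
            [pscustomobject]@{
                Name            = $Computer.Name
                PasswordLastSet = $set
                AgeDays         = $age
                HasDescription  = [bool]$Computer.Description
            }
        }
    }
}

# Constructed sample objects so the logic can be tried without a domain.
$now = [datetime]'2008-09-04'
$sample = @(
    [pscustomobject]@{ Name = 'WS-EXAMPLE-01'; PasswordLastSet = [datetime]'2008-08-25'; Description = 'Front desk' }
    [pscustomobject]@{ Name = 'WS-EXAMPLE-02'; PasswordLastSet = [datetime]'2008-03-10'; Description = $null }
    [pscustomobject]@{ Name = 'WS-EXAMPLE-03'; PasswordLastSet = $null; Description = $null }
)

$sample |
    Find-StaleComputer -Now $now |
    Sort-Object AgeDays -Descending |
    Format-Table -AutoSize

# Against a live domain this is read-only; review the list before disabling anything:
# Get-ADComputer -Filter * -Properties PasswordLastSet, Description |
#     Find-StaleComputer -MaxAgeDays 30 |
#     Export-Csv .\stale-computers.csv -NoTypeInformation
```

The `HasDescription` column ties the report back to the "description has a value" split in the original question, so undocumented and stale accounts can be reviewed together.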
