If you have old computers and users lying about your AD and you haven’t found it yet, there is a tool on my website that I built with input from many bright folks from the activedir.org list.
The tool will look for old users or computers and allow you to take several actions on those objects:
- Report them
- Disable them
- Move them
Once they are disabled, you get the additional option of delete.
The report formats run the range of CSV, HTML, and Dynamic HTML which gives you a web page that you can sort the columns on the fly with.
There are a ton of safeties built into it so it is harder to hurt yourself. The tool runs relatively fast, certainly faster than scripts, etc.
You can get it here – http://www.joeware.net/win/free/tools/oldcmp.htm
If you have tried it and don’t like it, email me and let me know why.
If you have tried it and you like it but there is something it could do better, email me and let me know what you think could be better.
If you have tried and love it but have some more ideas, email me and let me know your ideas.
I am starting to look into putting together an update for it and since the mechanism I used before of getting lots of input from folks in the field up front worked so well, I am doing it again now that it has been out there for almost a year and folks have had a chance to play with it to get feedback on how to make it even better.
All ideas are welcome, however I won’t guarantee I will be able to put any of it in. But it gets in front of me and if it is something I can easily stick in, it will most likely make the next version. If it is something more involved, it might make it in a later version.
Of course my email is the same as it has been for the last 5 or so years. joe@joeware.net
If you prefer, you are welcome to post the ideas here instead as well in comments.
joe
Hi Joe,
Thanks for the excellent tool and support.
As I have reported earlier, there is a kind of bug which is changing the name case. That means for a user like “Mohammed Athif Khaleel” with M, A & K in upper case, this is being changed to lower case, aka “m, a & k”. This has to be fixed.
Let me know once this is fixed to use the tool again 🙂
Thanks,
Athif
http://msmvps.com/athif/
PatchAholic…The WSUS Blog!
Hi joe,
Thanks for the excellent tool !
I have a process defined around oldcmp.exe, which takes care of finding, moving, disabling, notifying location admins, and then deleting accounts. Almost automated.
The only thing that hurts here is the extra[1] details generated. I would like to have a report where I can customize what attributes I want in the output, so that the size can be smaller, and to the point.
Generally, I just keep samaccountname, DN, pwage, created-date.
then, instead of DN, I run another query and find Location attribute value and replace DN with location.
[1] I know, that is EXTRA for me, might not be for others, but flexibility of attribute selection would be great.
–
Kamlesh
How about ADMOD accepting an input file that contains samaccountnames or DNs of objects to change
Cheers,
Jorge
Do you mean oldcmp Jorge?
Simply said.. ADMOD is a great tool to modify attributes… from a single object or piped from ADFIND when what you want to change fits in a query (just an example: admincount=1). As some objects should have admincount=1, I just query for which objects have admincount=1, filter out the objects that should have it and modify to admincount=0 what is left over. ADMOD accepts input from ADFIND (in dsquery format), but it would be nice if ADMOD could accept input from a text file that contains a distinguished name in each line (and if possible OR sAMAccountName).
Cheers,
Jorge
PS… crazy, but still not puffin’ the pipe! 😉 (never will either, actually)
almost forgot…
funny.. almost a week ago you replied to me about 30 min. later and only today I see the change as an additional post to your blog for this subject… Another thing is that your blog suddenly gets updated and I receive all new kinds of updates (at least that’s what they look like) I have already seen before earlier on. I only experience that with your blog. Not with others.
Ok, the conversation was about oldcmp but we can talk about admod. 🙂
Admod will take DNs from a file as well, just pipe them from the text file. Taking a sAMAccountName would require that I know you are passing in a sAMAccountName and then do a lookup on it to get the DN because obviously you can’t reference an object by the sAMAccountName since it isn’t guaranteed to be unique. This will be much easier when I combine adfind and admod into a single tool in the future. Admod currently has no lookup capability. And even if it did, the question would come up, if you get a match on multiple sAMAccountNames what then? What about an attribute that is supposed to have dupes? Either way could cause unintended results. Definitely things to think through.
On the update, not sure what is happening. The XML feed for the RSS output updates near instantaneously since it is a MySQL update and then when something requests the feed it runs a query on the spot to return the info. My blog is one of the blogs I watch with Thunderbird and it updates pretty fast. I have never paid attention if it remarks an entry that gets comments as I don’t usually mark blog entries read. I am not sure why not, I just don’t. 😉
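The sAMAccountName lookup problem raised in the reply above can be handled by resolving names to DNs before anything is modified and refusing any name that does not match exactly one object. This is an added example, not part of the original thread and not code from admod or adfind; the directory snapshot, the input lines and the `resolve` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed directory snapshot (two domains in one forest); not real data.
DIRECTORY = [
    {"dn": "CN=Svc Backup,OU=Service,DC=corp,DC=example", "sam": "svc-backup"},
    {"dn": "CN=J Smith,OU=Users,DC=corp,DC=example", "sam": "jsmith"},
    {"dn": "CN=John Smith,OU=Users,DC=emea,DC=corp,DC=example", "sam": "JSmith"},
    {"dn": "CN=Old Admin,OU=Users,DC=corp,DC=example", "sam": "oldadmin"},
]

# Constructed input file contents: one DN or sAMAccountName per line.
SAMPLE_LINES = [
    "svc-backup",
    "jsmith",
    "CN=Old Admin,OU=Users,DC=corp,DC=example",
    "ghost",
    "",
    "SVC-BACKUP",
]

def resolve(lines, entries):
    """Return (dns, rejected); a name is accepted only on exactly one match."""
    by_sam = defaultdict(list)
    for e in entries:
        # sAMAccountName matching is case-insensitive.
        by_sam[e["sam"].casefold()].append(e["dn"])
    # Simplification: DNs are compared case-insensitively as plain strings.
    by_dn = {e["dn"].casefold(): e["dn"] for e in entries}

    dns, rejected, seen = [], [], set()
    for raw in lines:
        item = raw.strip()
        if not item:
            continue
        if "=" in item:
            # '=' is not a legal sAMAccountName character, so this is a DN.
            matches = [by_dn[item.casefold()]] if item.casefold() in by_dn else []
        else:
            matches = by_sam.get(item.casefold(), [])
        if len(matches) != 1:
            reason = "not found" if not matches else f"ambiguous ({len(matches)} matches)"
            rejected.append((item, reason))
        elif matches[0] not in seen:
            seen.add(matches[0])
            dns.append(matches[0])
    return dns, rejected

if __name__ == "__main__":
    resolved, skipped = resolve(SAMPLE_LINES, DIRECTORY)
    print("\n".join(resolved))   # DN-per-line output, suitable for piping
    for item, reason in skipped:
        print(f"SKIPPED {item}: {reason}")
```

Only the DN list is meant to be passed on to a modification step; the skipped entries need a human decision rather than a guess.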