
How to query and delete old Computer Objects from Active Directory

Posted by paris on Jul 12, 2017 in Random

Query computer objects which have been inactive for 8 weeks in a specific OU

dsquery computer "OU=Computers,OU=OUNAME,DC=domain,DC=local" -inactive 8

Query computer objects which have been inactive for 8 weeks in a specific OU and name starts with PCNAME

dsquery computer "OU=Computers,OU=OUNAME,DC=domain,DC=local" -inactive 8 -name PCNAME*

Open the Command Prompt now as Administrator

Query THEN DELETE computer objects which have been inactive for 8 weeks in a specific OU and name starts with PCNAME

dsquery computer "OU=Computers,OU=OUNAME,DC=domain,DC=local" -inactive 8 -name PCNAME* | dsrm -noprompt
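
The script below is an added example, not code from the original post: it writes the stale candidates to a CSV for review and disables them instead of deleting, so a mistaken match can be undone. The parameter names, the report path and the rule that both LastLogonDate and PasswordLastSet must be old are assumptions; the OU and the PCNAME prefix are the post's placeholders.

```powershell
# Added example: review-then-disable workflow for stale computer accounts.
# OU path, name prefix and report path are placeholders (assumptions).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string] $SearchBase    = 'OU=Computers,OU=OUNAME,DC=domain,DC=local',
    [string] $NamePrefix    = 'PCNAME',
    [int]    $InactiveWeeks = 8,
    [string] $ReportPath    = '.\stale-computers.csv',
    [switch] $Disable
)

Import-Module ActiveDirectory -ErrorAction Stop

$cutoff = (Get-Date).AddDays(-7 * $InactiveWeeks)

# LastLogonDate comes from lastLogonTimestamp, which with the default sync
# interval can lag the real logon by up to about 14 days. Requiring an old
# machine-account password as well reduces false positives.
$stale = Get-ADComputer -Filter "Name -like '$NamePrefix*'" -SearchBase $SearchBase `
        -Properties LastLogonDate, PasswordLastSet, OperatingSystem |
    Where-Object {
        $_.Enabled -and
        (-not $_.LastLogonDate   -or $_.LastLogonDate   -lt $cutoff) -and
        (-not $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff)
    }

# Always write the report, even under -WhatIf, so there is a record to review
# and to restore from if an account is disabled by mistake.
$stale |
    Select-Object Name, DistinguishedName, OperatingSystem, LastLogonDate, PasswordLastSet |
    Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

Write-Host "Stale candidates: $(@($stale).Count). Report written to $ReportPath"

if ($Disable) {
    foreach ($c in $stale) {
        # ShouldProcess makes -WhatIf and -Confirm work for the disable step.
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, 'Disable computer account')) {
            Disable-ADAccount -Identity $c
        }
    }
}
```

Run it without -Disable to get only the report, and add -WhatIf alongside -Disable to preview which accounts would be touched.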


The security database on the server does not have a computer account for this workstation trust relationship

Posted by paris on Oct 26, 2015 in Fixes

When trying to log into a machine on another domain which has a link with a one-way Active Directory domain trust, the following error was displayed on login:

“The security database on the server does not have a computer account for this workstation trust relationship”

Checking the Incoming and Outgoing link properties on Active Directory proved there was an incoming, however the outgoing was not present. I had to delete the incoming trust, save the password, then recreate the outgoing trust on the returning domain. The returning domain also did not have a conditional forwarder set up for the other domain, which needs to be added in DNS and point to an Active Directory server at the other end (that must be routable).


DNS Entries Disappearing from Active Directory DNS Management

Posted by paris on Aug 19, 2015 in Random

Recently had a problem where DNS entries for a server were disappearing in Active Directory. We set the records manually after multiple ipconfig /registerdns runs still would not hold the entry in Active Directory.

We removed the device from the domain and rejoined, still to no avail (to check domain trust was not the problem).

In the end we had to set the DNS entry statically in some of the servers until we found out what was causing it to be removed.

Cause

Turns out that someone had configured the RAS server to assign DHCP addresses on the same range where addresses were statically assigned. This wouldn't have caused an IP conflict due to clever RAS routing, however it would have caused the DNS issue we saw randomly (whenever someone logged into RAS to assign themselves an address!).


Total Expired Computers List not Move via PwdLastSet

Posted by paris on May 23, 2014 in Random

I was trying to get a list of active computers on our network. A DSQuery can give me a list of all computers, and I tried to get an inactive list for 4 weeks and subtract the value, however the inactive list was not that accurate.

Instead I wanted to Query the PwdLastSet to

I found a few scripts online but they moved the computer accounts to OUs, and I just needed this for auditing purposes. So I edited the tracked back script.

Save the script as script.ps1 then run with .\script -OlderThan 30

param(
    [int] $OlderThan = 20
)

try {
    Import-Module ActiveDirectory -ErrorAction Stop -Verbose:$false
} catch {
    Write-Error "Active Directory module failed to Import. Terminating the script. More details : $_"
    exit(1)
}

try {
    # Get the domain's distinguished name
    $DomainDN = (Get-ADDomain -ErrorAction Stop).DistinguishedName
    # Get all computers in the domain
    $Computers = Get-ADComputer -Filter * -Properties PasswordLastSet -SearchBase $DomainDN -ErrorAction Stop
} catch {
    Write-Error "Failed to query active Directory for computers. Exiting the script. More details : $_"
    exit(1)
}

# Accounts whose password was last set before this date count as expired
$agedate = (Get-Date).AddDays(-$OlderThan)
# Start the counter at 0 so the total prints as a number even when nothing matches
$computernumber = 0

foreach ($Computer in $Computers) {
    $ComputerName = $Computer.Name
    $Computerpwdsetdate = $Computer.PasswordLastSet

    # An account with an empty PasswordLastSet also compares as older and is counted
    if ($Computerpwdsetdate -lt $agedate) {
        #Write-Host "Expired $ComputerName"
        $computernumber = $computernumber + 1
    }
}

Write-Host "Total = $computernumber"

 


Copyright © 2017 Welcome to Pariswells.com All rights reserved.