Re: Detect and remove inactive computer accounts

Computers will periodically change the password used in communicating with the PDC of the domain.

Your computer accounts are listed under the Domain Users group as computer$. You have to expand the Global Groups option, then the Domain Users object under there shows you these accounts. Right-click on it, then choose View All User Details. This will display all users and computer accounts along with all of their properties, including Password Age in the right window.

You can filter this list to only show you computer accounts after they are displayed in the right window. Go to Edit->Find/Filter, type in $ for the search string, and for column choose UserName. Check the box to Filter out records that DO NOT match the search string and click OK.

This will leave you with only the computer accounts and you can sort by password age by clicking on the field header for password age. Password age is relevant because computers will change their password with the domain periodically when they are online.

What you do is look at normal computer accounts and see what is a usual time frame on your network. The ones at the top with several hundred days are computers that are no longer active.

Re: Detect and remove inactive computer accounts

I found these instructions afterwards but they seem outdated. For instance in 4.5 the computers are not kept in the domain users under global groups. There is also no "view all users" right click menu. I think I did the right thing by going under computers, right clicking and choosing to view all details then checking on the pwd last set and deleting any computer that hasn't changed their password in 5 months. You may want to stress to users that DCs don't change their passwords as often as regular computers so they should be very careful.

Re: Detect and remove inactive computer accounts

One more thing. Can this change the network settings on remote computers? Say I want to move a computer off DHCP can I do this remotely?

Re: Detect and remove inactive computer accounts

Not at this time. We are planning some remote registry editing functions for early next year that may provide some functionality in this area.