The Windows Domain I manage has hundreds of computer names which I don't recognise and I'd like to remove old ones which aren't in use before trying to track down the misnamed ones.
Is there some way to see the last time a machine logged onto the network? Either via dhcpd or a user login event or something else.
You can use dsquery (technet link) to locate inactive computers:

    dsquery computer -inactive 10 -limit 0

Shows computers that have been inactive for 10 weeks or more.

From dsquery computer /? (technet link)

You can pipe the output into dsrm (technet link) if you want to remove the listing from the domain. Please note this will not bother prompting you, so apply the appropriate amount of caution.

    dsquery computer -inactive 10 -limit 0 | dsrm -noprompt

You can return computer accounts via DSQUERY. The example below will return computer accounts that have not logged in within the past 4 weeks.
You can then pipe the output to a file, or simply remove them by piping to the DSRM command.
Similar functionality can be achieved via PowerShell, I'm sure.

The VB Script >here< will identify computer objects in your AD which have not had a computer password reset in a specified number of days, and then move them to an OU you can specify, as well as disable their computer accounts for you (which seems to me to be preferable to just deleting them - safer!).
I've used it before and it works just fine.
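
The approach from the answers above as a PowerShell script, added here as an example and not part of any answer: it reports enabled computer accounts whose last logon and machine password are both older than the threshold, then disables and moves them instead of deleting them. The OU path, report file name and default threshold are assumptions, and it needs the ActiveDirectory module (RSAT).

```powershell
# Added example: quarantine stale computer accounts instead of deleting them.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$InactiveWeeks = 10,
    # Hypothetical quarantine OU; replace with one that exists in your domain.
    [string]$QuarantineOU = 'OU=Stale Computers,DC=example,DC=com',
    # Assumed report location; it records the original DN so a move can be undone.
    [string]$ReportPath = '.\stale-computers.csv'
)

Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-7 * $InactiveWeeks)

# LastLogonDate is derived from lastLogonTimestamp, which replicates to all DCs
# but is only refreshed every 9-14 days by default, so keep the threshold well
# above two weeks. PasswordLastSet is checked too: a live domain member normally
# changes its machine password every 30 days. Accounts that never logged on
# (empty LastLogonDate) only count as stale if they were created before the cutoff.
$stale = Get-ADComputer -Filter 'Enabled -eq $true' `
        -Properties LastLogonDate, PasswordLastSet, whenCreated |
    Where-Object {
        $_.whenCreated -lt $cutoff -and
        (-not $_.LastLogonDate   -or $_.LastLogonDate   -lt $cutoff) -and
        (-not $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff)
    }

# Write the report before changing anything.
$stale |
    Select-Object Name, DistinguishedName, LastLogonDate, PasswordLastSet, whenCreated |
    Export-Csv -Path $ReportPath -NoTypeInformation

foreach ($computer in $stale) {
    # With -WhatIf this prints the intended action and changes nothing.
    if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, 'Disable and move to quarantine OU')) {
        Disable-ADAccount -Identity $computer
        Move-ADObject -Identity $computer.ObjectGUID -TargetPath $QuarantineOU
    }
}

Write-Output ("{0} stale computer account(s) listed in {1}" -f @($stale).Count, $ReportPath)
```

Run it with -WhatIf first and review the CSV; machines that do not rotate their machine password (some appliances and non-Windows domain members) can appear in the list while still in use.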