Orphaned TPM Device Cleanup

    Question

  • Hello,

    I am trying to find assistance with regard to how we are to clean up mstpm-information objects in the TPM Devices folder in AD if a user deleted the computer object from AD prior to removing the TPM object. For OSes prior to 8, the TPM info was just stored in the computer's attribute, but as of 8 and above it is stored in a separate container called TPM Devices, and when someone deletes the computer object from AD, it does not in turn delete the TPM object. I am hoping MS will fix this in future updates, because I am walking into an environment that has thousands of orphaned TPM objects because admins did not first know they had to delete the TPM object prior to deleting the computer object.

    I am trying to get a script together that will query each mstpm-information object in the TPM Devices container; each item that has a SID reflected as the object's owner instead of a friendly name should be deleted, because these items would be the corresponding TPM object for a computer that was removed from AD. I say this because the owner of the TPM object created will always be the computer object it was written by/for. Needless to say, I am not having any luck... yet.

    Any ideas?

    Wednesday, January 18, 2017 2:29 PM
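
The check described in the question above, as an added example that is not part of the original thread: it lists each msTPM-InformationObject whose owner SID no longer resolves to an account, and deletes nothing unless `-WhatIf` is removed. Assumptions: the RSAT ActiveDirectory module is available, the function name and CSV path are hypothetical, and the `msTPM-TpmInformationForComputerBL` back-link is used as a second signal that no computer still references the object.

```powershell
# Added example: report TPM objects whose owner SID no longer maps to an account.
# Assumptions: RSAT ActiveDirectory module; function name and CSV path are hypothetical.
Import-Module ActiveDirectory

function Find-OrphanedTpmObject {
    [CmdletBinding()]
    param(
        # Defaults to the "TPM Devices" container of the current domain
        [string]$SearchBase = "CN=TPM Devices,$((Get-ADDomain).DistinguishedName)"
    )
    $props = 'nTSecurityDescriptor', 'msTPM-TpmInformationForComputerBL', 'whenCreated'
    Get-ADObject -SearchBase $SearchBase -LDAPFilter '(objectClass=msTPM-InformationObject)' `
        -Properties $props |
    ForEach-Object {
        # Read the owner as a raw SID so that a failed name lookup is explicit
        $sid  = $_.nTSecurityDescriptor.GetOwner([System.Security.Principal.SecurityIdentifier])
        $name = $null
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # No account maps to this SID, so the owning computer object is gone.
            # Any other error (e.g. no DC reachable) is not caught and stops the run.
        }
        # Cross-check: a live computer object links to its TPM object,
        # which populates this back-link attribute on the TPM object
        $linked = [bool]$_.'msTPM-TpmInformationForComputerBL'
        if (-not $name -and -not $linked) {
            [pscustomobject]@{
                DistinguishedName = $_.DistinguishedName
                OwnerSid          = $sid.Value
                WhenCreated       = $_.whenCreated
            }
        }
    }
}

# Write the candidates to a report and review it before deleting anything
$orphans = @(Find-OrphanedTpmObject)
$orphans | Export-Csv -Path .\orphaned-tpm-objects.csv -NoTypeInformation

# -WhatIf only prints what would be deleted; remove it after reviewing the CSV
$orphans | ForEach-Object { Remove-ADObject -Identity $_.DistinguishedName -WhatIf }
```

An owner SID can also fail to resolve for reasons other than deletion, such as an account in a domain that is no longer trusted, which is why the back-link is checked as well and the report is written before any removal.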

All replies

  • Hi,
    Regarding the script you want, I would suggest you take a look at freddygrande’s reply in the following thread and see if it provides any reference:
    https://community.spiceworks.com/topic/1582233-the-tpm-was-not-turned-on-due-to-an-active-directory-backup-failure
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    And generally, we would also suggest posting questions about scripts in the scripting forum:
    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Thursday, January 19, 2017 6:22 AM
    Moderator
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    And if the replies above are helpful, we would appreciate it if you mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    We appreciate your feedback.

    Best regards,

    Wendy



    Monday, January 23, 2017 9:55 AM
    Moderator