Limpiar la carpeta Computers de AD en un Windows 2000

  • Pregunta

  • Hola a todos,

    Tengo un dominio con Windows 2000 Server. Cada vez que añado una máquina al dominio, esta aparece correctamente; el problema es que en esa OU aparecen muchas máquinas que ya no existen. Me gustaría saber si hay alguna manera de actualizarla para que se eliminen todas las que ya no existen, y si se puede activar alguna opción para que se eliminen automáticamente si algún día se saca una máquina del dominio.


    Un saludo y muchas gracias de antemano.
    martes, 4 de diciembre de 2007 17:51

Respuestas

  • Hola,

     

    Existen scripts en Internet que hacen este tipo de búsqueda.

     

    Aquí tienes un ejemplo:

     

     

    Bloque de código

    ' MoveOldComputers.vbs
    ' VBScript program to determine when each computer account in the domain
    ' last had their password changed. If this date is more than a specified
    ' number of days in the past, the computer object is considered inactive
    ' and it is moved to a target Organizational Unit. The computer account
    ' is also disabled. A log file keeps track of which computer objects are
    ' moved.
    '
    ' ----------------------------------------------------------------------
    ' Copyright (c) 2004 Richard L. Mueller
    ' Hilltop Lab web site - http://www.rlmueller.net
    ' Version 1.0 - February 8, 2004
    ' Version 1.1 - February 23, 2004 - Bug fix.
    '
    ' You have a royalty-free right to use, modify, reproduce, and
    ' distribute this script file in any way you find useful, provided that
    ' you agree that the copyright owner above has no warranty, obligations,
    ' or liability for such use.

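    Option Explicit

    ' Main script: finds computer accounts whose password has not been set
    ' for more than intDays days, moves each one to strTargetOU, disables
    ' it, and appends what was done to the log file strFilePath.

    Dim strFilePath, objFSO, objFile, objConnection, objCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, objRecordSet
    Dim strComputerDN, strComputerPath, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmPwdLastSet, k
    Dim intDays, strTargetOU, objTargetOU, objComputer
    Dim intTotal, intInactive, intNotMoved, intNotDisabled

    ' ---- Settings: adapt these three values before running ----

    ' Specify the log file. This file will be created if it does not
    ' exist. Otherwise, the program will append to the file.
    strFilePath = "D:\BIN\OldComputers.log"

    ' Specify the minimum number of days since the password was last set for
    ' the computer account to be considered inactive.
    intDays = 180

    ' Specify the Distinguished Name of the Organizational Unit into
    ' which inactive computer objects will be moved. The script quits if
    ' it cannot bind to this OU, so it must already exist.
    strTargetOU = "ou=Inactive,dc=deman,dc=local"

    ' Bind to target Organizational Unit. Nothing is changed in the
    ' directory if the bind fails.
    On Error Resume Next
    Set objTargetOU = GetObject("LDAP://" & strTargetOU)
    If Err.Number <> 0 Then
      On Error GoTo 0
      Wscript.Echo "Organization Unit not found: " & strTargetOU
      Wscript.Quit
    End If
    On Error GoTo 0

    ' Open the log file for write access. Append to this file
    ' (8 = ForAppending, True = create if missing, 0 = ASCII).
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    On Error Resume Next
    Set objFile = objFSO.OpenTextFile(strFilePath, 8, True, 0)
    If Err.Number <> 0 Then
      On Error GoTo 0
      Wscript.Echo "File " & strFilePath & " cannot be opened"
      Set objFSO = Nothing
      Wscript.Quit
    End If
    On Error GoTo 0

    ' Obtain local time zone bias from machine registry. The value may be
    ' returned as a Long or as an array of bytes (least significant
    ' first); start from 0 so lngBias is defined for any other type.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
      & "TimeZoneInformation\ActiveTimeBias")
    lngBias = 0
    If UCase(TypeName(lngBiasKey)) = "LONG" Then
      lngBias = lngBiasKey
    ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
      For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
      Next
    End If

    ' Use ADO to search the domain for all computers.
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOOBject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Filter to retrieve all computer objects.
    ' NOTE(review): together with the "subtree" scope below this matches
    ' every computer object in the domain, not only the ones in the
    ' Computers container. Domain controller and server accounts are
    ' computer objects too - confirm that this scope is intended.
    strFilter = "(objectCategory=computer)"

    ' Retrieve Distinguished Name and date password last set.
    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
      & ";distinguishedName,pwdLastSet;subtree"

    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Cache Results") = False

    ' Write information to log file.
    objFile.WriteLine "Search for Inactive Computer Accounts"
    objFile.WriteLine "Start: " & Now
    objFile.WriteLine "Base of search: " & strDNSDomain
    objFile.WriteLine "Log File: " & strFilePath
    objFile.WriteLine "Inactive if password not set in days: " & intDays
    objFile.WriteLine "Inactive accounts moved to: " & strTargetOU
    objFile.WriteLine "----------------------------------------------"

    ' Initialize totals.
    intTotal = 0
    intInactive = 0
    intNotMoved = 0
    intNotDisabled = 0

    ' Enumerate all computers and determine which are inactive.
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
      strComputerDN = objRecordSet.Fields("distinguishedName")
      ' A forward slash inside a distinguished name has to be escaped
      ' with a backslash when the name is used in an ADsPath.
      strComputerPath = "LDAP://" & Replace(strComputerDN, "/", "\/")
      intTotal = intTotal + 1
      ' Determine date when password last set.
      ' A pwdLastSet of 0 converts to 1/1/1601 in Integer8Date, so such
      ' an account is always treated as inactive below.
      lngDate = objRecordSet.Fields("pwdLastSet")
      Set objDate = lngDate
      dtmPwdLastSet = Integer8Date(objDate, lngBias)
      ' Check if computer object inactive.
      If DateDiff("d", dtmPwdLastSet, Now) > intDays Then
        ' Computer object inactive.
        intInactive = intInactive + 1
        objFile.WriteLine "Inactive: " & strComputerDN _
          & " - password last set: " & dtmPwdLastSet
        ' Drop the reference left from the previous iteration. If the
        ' move below fails, the assignment does not happen, and without
        ' this reset the disable step would act on the previously moved
        ' computer instead of the current one.
        Set objComputer = Nothing
        ' Move computer object to the target OU.
        On Error Resume Next
        Set objComputer = objTargetOU.MoveHere(strComputerPath, vbNullString)
        If Err.Number <> 0 Then
          On Error GoTo 0
          intNotMoved = intNotMoved + 1
          objFile.WriteLine "Cannot move: " & strComputerDN
        End If
        On Error GoTo 0
        If objComputer Is Nothing Then
          ' The object was not moved, so it is left untouched and is
          ' reported as not disabled as well.
          intNotDisabled = intNotDisabled + 1
          objFile.WriteLine "Cannot disable: " & strComputerDN
        Else
          ' Disable the computer account.
          On Error Resume Next
          objComputer.AccountDisabled = True
          ' Save changes to Active Directory.
          objComputer.SetInfo
          If Err.Number <> 0 Then
            On Error GoTo 0
            intNotDisabled = intNotDisabled + 1
            objFile.WriteLine "Cannot disable: " & strComputerDN
          End If
          On Error GoTo 0
        End If
      End If
      objRecordSet.MoveNext
    Loop

    ' Write totals to log file.
    objFile.WriteLine "Finished: " & Now
    objFile.WriteLine "Total computer objects found:   " & intTotal
    objFile.WriteLine "Inactive:                       " & intInactive
    objFile.WriteLine "Inactive accounts not moved:    " & intNotMoved
    objFile.WriteLine "Inactive accounts not disabled: " & intNotDisabled
    objFile.WriteLine "----------------------------------------------"

    ' Display summary.
    Wscript.Echo "Computer objects found:         " & intTotal
    Wscript.Echo "Inactive:                       " & intInactive
    Wscript.Echo "Inactive accounts not moved:    " & intNotMoved
    Wscript.Echo "Inactive accounts not disabled: " & intNotDisabled
    Wscript.Echo "See log file: " & strFilePath

    ' Clean up.
    objFile.Close
    objConnection.Close
    Set objFile = Nothing
    Set objFSO = Nothing
    Set objShell = Nothing
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRootDSE = Nothing
    Set objRecordSet = Nothing
    Set objComputer = Nothing

    Wscript.Echo "Done"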

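    Function Integer8Date(objDate, lngBias)
      ' Convert an Integer8 (64-bit) value to a date, adjusted for time
      ' zone bias.
      '   objDate - object exposing the value as HighPart and LowPart
      '             (upper and lower 32 bits). The value is read as a
      '             count of 100-nanosecond intervals since 1/1/1601.
      '   lngBias - time zone bias in minutes; it is subtracted from the
      '             converted value.
      ' Returns the resulting Date. A value of 0 yields 1/1/1601 with no
      ' bias applied.
      Dim lngAdjust, lngDate, lngHigh, lngLow
      lngAdjust = lngBias
      lngHigh = objDate.HighPart
      lngLow = objDate.LowPart
      ' LowPart is handed back as a signed 32-bit number, so a lower half
      ' of 2^31 or more arrives negative. Carry one into the upper half
      ' to compensate; otherwise the result is about 7 minutes too early.
      If lngLow < 0 Then
        lngHigh = lngHigh + 1
      End If
      ' A zero value means "no date"; do not shift it by the bias.
      If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
      End If
      ' 600000000 intervals of 100 ns make one minute and 1440 minutes
      ' make one day, the unit of a VBScript date.
      lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
      Integer8Date = CDate(lngDate)
    End Function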

     

     

     

     

    martes, 4 de diciembre de 2007 21:57
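  • Ejecútalo desde cualquier máquina con acceso al AD y con una cuenta administradora del dominio. Antes, ajusta en el script los valores de strTargetOU, strFilePath e intDays a tu dominio; ten en cuenta que el script mueve y deshabilita las cuentas inactivas, no las elimina.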
    lunes, 10 de diciembre de 2007 9:37

Todas las respuestas

  • Hola,

     

    Existen scripts en Internet que hacen este tipo de búsqueda.

     

    Aquí tienes un ejemplo:

     

     

    Bloque de código

    ' MoveOldComputers.vbs
    ' VBScript program to determine when each computer account in the domain
    ' last had their password changed. If this date is more than a specified
    ' number of days in the past, the computer object is considered inactive
    ' and it is moved to a target Organizational Unit. The computer account
    ' is also disabled. A log file keeps track of which computer objects are
    ' moved.
    '
    ' ----------------------------------------------------------------------
    ' Copyright (c) 2004 Richard L. Mueller
    ' Hilltop Lab web site - http://www.rlmueller.net
    ' Version 1.0 - February 8, 2004
    ' Version 1.1 - February 23, 2004 - Bug fix.
    '
    ' You have a royalty-free right to use, modify, reproduce, and
    ' distribute this script file in any way you find useful, provided that
    ' you agree that the copyright owner above has no warranty, obligations,
    ' or liability for such use.

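    Option Explicit

    ' Main script: finds computer accounts whose password has not been set
    ' for more than intDays days, moves each one to strTargetOU, disables
    ' it, and appends what was done to the log file strFilePath.

    Dim strFilePath, objFSO, objFile, objConnection, objCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, objRecordSet
    Dim strComputerDN, strComputerPath, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmPwdLastSet, k
    Dim intDays, strTargetOU, objTargetOU, objComputer
    Dim intTotal, intInactive, intNotMoved, intNotDisabled

    ' ---- Settings: adapt these three values before running ----

    ' Specify the log file. This file will be created if it does not
    ' exist. Otherwise, the program will append to the file.
    strFilePath = "D:\BIN\OldComputers.log"

    ' Specify the minimum number of days since the password was last set for
    ' the computer account to be considered inactive.
    intDays = 180

    ' Specify the Distinguished Name of the Organizational Unit into
    ' which inactive computer objects will be moved. The script quits if
    ' it cannot bind to this OU, so it must already exist.
    strTargetOU = "ou=Inactive,dc=deman,dc=local"

    ' Bind to target Organizational Unit. Nothing is changed in the
    ' directory if the bind fails.
    On Error Resume Next
    Set objTargetOU = GetObject("LDAP://" & strTargetOU)
    If Err.Number <> 0 Then
      On Error GoTo 0
      Wscript.Echo "Organization Unit not found: " & strTargetOU
      Wscript.Quit
    End If
    On Error GoTo 0

    ' Open the log file for write access. Append to this file
    ' (8 = ForAppending, True = create if missing, 0 = ASCII).
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    On Error Resume Next
    Set objFile = objFSO.OpenTextFile(strFilePath, 8, True, 0)
    If Err.Number <> 0 Then
      On Error GoTo 0
      Wscript.Echo "File " & strFilePath & " cannot be opened"
      Set objFSO = Nothing
      Wscript.Quit
    End If
    On Error GoTo 0

    ' Obtain local time zone bias from machine registry. The value may be
    ' returned as a Long or as an array of bytes (least significant
    ' first); start from 0 so lngBias is defined for any other type.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
      & "TimeZoneInformation\ActiveTimeBias")
    lngBias = 0
    If UCase(TypeName(lngBiasKey)) = "LONG" Then
      lngBias = lngBiasKey
    ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
      For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
      Next
    End If

    ' Use ADO to search the domain for all computers.
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOOBject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Filter to retrieve all computer objects.
    ' NOTE(review): together with the "subtree" scope below this matches
    ' every computer object in the domain, not only the ones in the
    ' Computers container. Domain controller and server accounts are
    ' computer objects too - confirm that this scope is intended.
    strFilter = "(objectCategory=computer)"

    ' Retrieve Distinguished Name and date password last set.
    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
      & ";distinguishedName,pwdLastSet;subtree"

    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Cache Results") = False

    ' Write information to log file.
    objFile.WriteLine "Search for Inactive Computer Accounts"
    objFile.WriteLine "Start: " & Now
    objFile.WriteLine "Base of search: " & strDNSDomain
    objFile.WriteLine "Log File: " & strFilePath
    objFile.WriteLine "Inactive if password not set in days: " & intDays
    objFile.WriteLine "Inactive accounts moved to: " & strTargetOU
    objFile.WriteLine "----------------------------------------------"

    ' Initialize totals.
    intTotal = 0
    intInactive = 0
    intNotMoved = 0
    intNotDisabled = 0

    ' Enumerate all computers and determine which are inactive.
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
      strComputerDN = objRecordSet.Fields("distinguishedName")
      ' A forward slash inside a distinguished name has to be escaped
      ' with a backslash when the name is used in an ADsPath.
      strComputerPath = "LDAP://" & Replace(strComputerDN, "/", "\/")
      intTotal = intTotal + 1
      ' Determine date when password last set.
      ' A pwdLastSet of 0 converts to 1/1/1601 in Integer8Date, so such
      ' an account is always treated as inactive below.
      lngDate = objRecordSet.Fields("pwdLastSet")
      Set objDate = lngDate
      dtmPwdLastSet = Integer8Date(objDate, lngBias)
      ' Check if computer object inactive.
      If DateDiff("d", dtmPwdLastSet, Now) > intDays Then
        ' Computer object inactive.
        intInactive = intInactive + 1
        objFile.WriteLine "Inactive: " & strComputerDN _
          & " - password last set: " & dtmPwdLastSet
        ' Drop the reference left from the previous iteration. If the
        ' move below fails, the assignment does not happen, and without
        ' this reset the disable step would act on the previously moved
        ' computer instead of the current one.
        Set objComputer = Nothing
        ' Move computer object to the target OU.
        On Error Resume Next
        Set objComputer = objTargetOU.MoveHere(strComputerPath, vbNullString)
        If Err.Number <> 0 Then
          On Error GoTo 0
          intNotMoved = intNotMoved + 1
          objFile.WriteLine "Cannot move: " & strComputerDN
        End If
        On Error GoTo 0
        If objComputer Is Nothing Then
          ' The object was not moved, so it is left untouched and is
          ' reported as not disabled as well.
          intNotDisabled = intNotDisabled + 1
          objFile.WriteLine "Cannot disable: " & strComputerDN
        Else
          ' Disable the computer account.
          On Error Resume Next
          objComputer.AccountDisabled = True
          ' Save changes to Active Directory.
          objComputer.SetInfo
          If Err.Number <> 0 Then
            On Error GoTo 0
            intNotDisabled = intNotDisabled + 1
            objFile.WriteLine "Cannot disable: " & strComputerDN
          End If
          On Error GoTo 0
        End If
      End If
      objRecordSet.MoveNext
    Loop

    ' Write totals to log file.
    objFile.WriteLine "Finished: " & Now
    objFile.WriteLine "Total computer objects found:   " & intTotal
    objFile.WriteLine "Inactive:                       " & intInactive
    objFile.WriteLine "Inactive accounts not moved:    " & intNotMoved
    objFile.WriteLine "Inactive accounts not disabled: " & intNotDisabled
    objFile.WriteLine "----------------------------------------------"

    ' Display summary.
    Wscript.Echo "Computer objects found:         " & intTotal
    Wscript.Echo "Inactive:                       " & intInactive
    Wscript.Echo "Inactive accounts not moved:    " & intNotMoved
    Wscript.Echo "Inactive accounts not disabled: " & intNotDisabled
    Wscript.Echo "See log file: " & strFilePath

    ' Clean up.
    objFile.Close
    objConnection.Close
    Set objFile = Nothing
    Set objFSO = Nothing
    Set objShell = Nothing
    Set objConnection = Nothing
    Set objCommand = Nothing
    Set objRootDSE = Nothing
    Set objRecordSet = Nothing
    Set objComputer = Nothing

    Wscript.Echo "Done"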

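    Function Integer8Date(objDate, lngBias)
      ' Convert an Integer8 (64-bit) value to a date, adjusted for time
      ' zone bias.
      '   objDate - object exposing the value as HighPart and LowPart
      '             (upper and lower 32 bits). The value is read as a
      '             count of 100-nanosecond intervals since 1/1/1601.
      '   lngBias - time zone bias in minutes; it is subtracted from the
      '             converted value.
      ' Returns the resulting Date. A value of 0 yields 1/1/1601 with no
      ' bias applied.
      Dim lngAdjust, lngDate, lngHigh, lngLow
      lngAdjust = lngBias
      lngHigh = objDate.HighPart
      lngLow = objDate.LowPart
      ' LowPart is handed back as a signed 32-bit number, so a lower half
      ' of 2^31 or more arrives negative. Carry one into the upper half
      ' to compensate; otherwise the result is about 7 minutes too early.
      If lngLow < 0 Then
        lngHigh = lngHigh + 1
      End If
      ' A zero value means "no date"; do not shift it by the bias.
      If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
      End If
      ' 600000000 intervals of 100 ns make one minute and 1440 minutes
      ' make one day, the unit of a VBScript date.
      lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
      Integer8Date = CDate(lngDate)
    End Function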

     

     

     

     

    martes, 4 de diciembre de 2007 21:57
  • Muchas gracias por el script. Únicamente tengo una pregunta: ¿dónde ejecuto el script? ¿Lo ejecuto en el PDC o lo pongo para que se ejecute al inicio de sesión en los equipos?

    Un saludo y muchas gracias otra vez por la respuesta.
    viernes, 7 de diciembre de 2007 10:37
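  • Ejecútalo desde cualquier máquina con acceso al AD y con una cuenta administradora del dominio. Antes, ajusta en el script los valores de strTargetOU, strFilePath e intDays a tu dominio; ten en cuenta que el script mueve y deshabilita las cuentas inactivas, no las elimina.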
    lunes, 10 de diciembre de 2007 9:37