Inactive Machine Accounts

Steve Moore

Jan 22, 2002, 11:52:44 AM
Microsoft have written a batch file which will allow you to detect and
remove inactive machine accounts from a domain.
http://support.microsoft.com/default.aspx?scid=kb;EN-GB;q197478

I've created the batch files as detailed in the above article but when I run
oldms.bat everything appears to run ok but the output.txt file only contains
the following;

Machine account ages for domain: InterX_London
------------------------------------------------
/1/10
/1/10
/1/10
/1/10

It does not provide me with the names of the machines just the dates the
machine accounts were created!!

Has anybody successfully used this batch file before? Or does anybody know
what's wrong with it?

Alternatively does anybody know of a different way to do this?

Any help would be most appreciated

cheers

Steve

The batch files I have are as follows. I also have NLTEST.exe and NETDOM.exe
present in the same directory as the batch files

OLDMS.bat

@echo off

if "%1"=="" goto nodomain

set dom=%1

set deloldms=

netdom /d:%1 bdc | find "Found PDC" > temp4.txt

for /f "tokens=3" %%a in (temp4.txt) do set pdc=%%a

if exist ms2.txt del ms2.txt

if exist output.txt del output.txt

if exist out2.txt del out2.txt

if exist temp4.txt del temp4.txt

echo.

echo Generating Server List of Member Servers and Workstations

echo.

echo Please Wait...

netdom /d:%1 /noverbose member > MS.TXT

for /F "delims=\\ tokens=1" %%a in (ms.txt) do echo %%a >> MS2.TXT

cls

echo.

echo Generating List of Member Servers and Workstations - Done

echo.

echo List Generated. Checking Password Ages.

echo.

echo Please Wait...

for /F "tokens=1" %%a in (ms2.txt) do call oldms2.bat %%a %dom% %pdc%

sort < output.txt > out2.txt

del output.txt

echo Machine account ages for domain: %dom% >> output.txt

echo ------------------------------------------------ >> output.txt

type out2.txt >> output.txt

if exist ms.txt del ms.txt

if exist out2.txt del out2.txt

if exist temp3.txt del temp3.txt

if exist ms2.txt del ms2.txt

if exist temp.txt del temp.txt

if exist temp4.txt del temp4.txt

if exist total.txt del total.txt

if exist working.txt del working.txt

FOR /F "SKIP=2 tokens=1,2,3" %%A IN (OUTPUT.TXT) DO echo %%A %%B %%C>>working.txt

type working.txt|find " " /c>total.txt

for /f "tokens=1" %%A in (total.txt) do set deloldms=%%A

echo.

Echo List Complete

echo.

Echo %deloldms% machine accounts found.

echo.

echo Now edit OUTPUT.TXT and remove all valid machine accounts.

echo Machine accounts remaining in OUTPUT.TXT will be deleted.

echo After OUTPUT.TXT has been modified, run DELOLDMS.BAT to

echo delete machine accounts.

echo.

if exist total.txt del total.txt

if exist working.txt del working.txt

goto end

:nodomain

echo Specify the target domain on the command line

echo EXAMPLE: oldms MyDomainName

:end

OLDMS2.bat

rem %1 = member server

rem %2 = domain

rem %3 = pdc

nltest /server:%3 /user:%1$ | find "PasswordLastSet" > temp.txt

for /F "delims== tokens=2" %%a in (temp.txt) do oldms3.bat %%a %1

OLDMS3.bat

rem %1 = date

rem %2 = time

rem %3 = member server

echo %1 > temp3.txt

REM *** IMPORTANT Make the next 2 lines 1 line. Wrapped for readability ***

for /F "delims=/ tokens=1,2,3" %%a in (temp3.txt) do oldms4.bat %%a %%b

%%c %2 %3

OLDMS4.bat

rem %1 = member server

rem %2 = domain

rem %3 = pdc

nltest /server:%3 /user:%1$ | find "PasswordLastSet" > temp.txt

for /F "delims== tokens=2" %%a in (temp.txt) do oldms3.bat %%a %1

DELOLDMS.bat

@echo off

set dom=

set deloldms=

if exist total.txt del total.txt

if exist working.txt del working.txt

FOR /F "SKIP=2 tokens=1,2,3" %%A IN (OUTPUT.TXT) DO echo %%A %%B %%C>>working.txt

type working.txt|find " " /c>total.txt

for /f "tokens=1" %%A in (total.txt) do set deloldms=%%A

cls

echo.

Echo NOTICE: %deloldms% machine accounts found in OUTPUT.TXT, ready for deletion

Echo Press Ctrl + C to abort or..

echo.

pause

FOR /f "tokens=6" %%a in (output.txt) do set dom=%%a

if "%dom%"=="" goto nodomain

FOR /F "SKIP=2 TOKENS=3" %%A IN (OUTPUT.TXT) DO CALL BAT2 %%A

if exist total.txt del total.txt

if exist working.txt del working.txt

goto end

:nodomain

Echo Domain Name Missing from OUTPUT.TXT

Echo Re-run OLDMS.BAT

:end

BAT2.bat

NETDOM /d:%dom% MEMBER %1 /DELETE

Clay Calvert

Jan 22, 2002, 6:56:04 PM
On Tue, 22 Jan 2002 16:52:44 -0000, "Steve Moore" <smo...@interx.com>
wrote:

>Microsoft have written a batch file which will allow you to detect and
>remove inactive machine accounts from a domain.
>http://support.microsoft.com/default.aspx?scid=kb;EN-GB;q197478
>
>I've created the batch files as detailed in the above article but when I run
>oldms.bat everything appears to run ok but the output.txt file only contains
>the following;
>
>Machine account ages for domain: InterX_London
>------------------------------------------------
>/1/10
>/1/10
>/1/10
>/1/10
>
>It does not provide me with the names of the machines just the dates the
>machine accounts were created!!
>
>Has anybody successfully used this batch file before? Or does anybody know
>what's wrong with it?
>
>Alternatively does anybody know of a different way to do this?
>
>Any help would be most appreciated
>
>cheers
>
>Steve

<snip>

Give this a go.

@echo off>FindOldWS.tmp
:: ccalvert 31 Jul 2001
:: Requires NetDom and NLtest from the Resource Kit
:: Creates list of Workstations and Member Servers in a domain.
:: Output is a text file sorted by the last date a member updated
:: passwords with the PDC.
:: If no parameter is passed then the current domain is used.
:: Use %1 to check other domain. Appropriate rights needed.

set PDC=&set DOM=%1
if %1'==' set DOM=%UserDomain%
for /f "tokens=2 delims=\" %%a in ('
netdom /d:%DOM% bdc ^|find "Found PDC"') do set PDC=%%a
if %PDC%'==' goto:eof

for /f "delims=\" %%n in ('netdom /d:%DOM% /noverbose member') do (
for /f "tokens=5-7 delims=/ " %%a in ('
nltest /server:%PDC% "/user:%%n$" ^|find "LastSet"') do (
call:Pad %%a %%b %%c "%%n"))

echo PssWrdDate %DOM%>FindOldWS.txt
echo ---------- ---------->>FindOldWS.txt
sort<FindOldWS.tmp>>FindOldWS.txt
del FindOldWS.tmp

::NETDOM /Domain:%DOM% member "%%h" /DELETE

start FindOldWS.txt & goto:eof
:Pad
Set Mon=%1& if %1 LEQ 9 set Mon=0%1
Set Day=%2& if %2 LEQ 9 set Day=0%2
Set String=%3/%Mon%/%Day% %4
echo %String:"=%&echo %String:"=%>>FindOldWS.tmp

HTH

Clay Calvert
Replace "W" with "L" in email.
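
Added example, not part of the original posts: the script above writes FindOldWS.txt as two header lines followed by sorted "YYYY/MM/DD NAME" rows, and this PowerShell sketch turns such a report into a list of accounts whose password date is older than a cutoff. The function name Get-StaleMachineAccount, the 90-day threshold, the four-digit year and the sample rows are all assumptions made for illustration.

```powershell
# Added example (not from the thread): triage a FindOldWS.txt-style report.
# The report text is constructed sample data; domain and machine names are made up.
$sampleReport = @'
PssWrdDate EXAMPLEDOM
---------- ----------
2001/03/14 OLDLAB01
2001/11/02 KIOSK07
2002/01/09 WKSTN12
2002/01/20 FILESRV2
'@

# Hypothetical helper: returns the rows whose password date is older than MaxAgeDays.
function Get-StaleMachineAccount {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][datetime]$AsOf,
        [int]$MaxAgeDays = 90   # assumed threshold; keep it well above the password-change interval
    )
    # Skip the two header lines the script writes before the sorted rows.
    foreach ($line in ($Lines | Select-Object -Skip 2)) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Data rows are "YYYY/MM/DD NAME" (assumes nltest reported a four-digit year).
        if ($line -notmatch '^(\d{4}/\d{2}/\d{2})\s+(\S+)\s*$') {
            Write-Warning "Unparsable row left for manual review: $line"
            continue
        }
        $lastSet = [datetime]::ParseExact($Matches[1], 'yyyy/MM/dd',
            [System.Globalization.CultureInfo]::InvariantCulture)
        $age = [int][math]::Floor(($AsOf - $lastSet).TotalDays)
        if ($age -gt $MaxAgeDays) {
            [pscustomobject]@{ Name = $Matches[2]; PasswordLastSet = $lastSet; AgeDays = $age }
        }
    }
}

# Fixed reference date so the result is reproducible; use (Get-Date) against a real report.
$asOf = [datetime]'2002-01-22'
Get-StaleMachineAccount -Lines ($sampleReport -split "`r?`n") -AsOf $asOf |
    Sort-Object AgeDays -Descending |
    Format-Table Name, @{ n = 'PasswordLastSet'; e = { $_.PasswordLastSet.ToString('yyyy-MM-dd') } }, AgeDays
```

Treat the result as a review list: a machine that has been powered off or kept off the network for a long time looks the same in this report as an abandoned account.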

Steve Moore

Jan 23, 2002, 5:34:41 AM
Works a treat thanks very much

cheers

Steve


"Clay Calvert" <ccal...@Wanguru.com> wrote in message
news:jsur4us91gmv60r5g...@4ax.com...
