Following up on a previous post discussing finding old user accounts in Active Directory, here’s how you find old computer accounts. This works on basically the same premise as the user script. In short, we’re going to check the last time the computer logged into Active Directory. That happens on every reboot and from time to time while the machine is up. The same warning applies to computers as it does for user accounts.
I’ve been putting off dealing with a problem at work for a while and I finally worked out a way to deal with it. At work, when a faculty or staff member leaves, we don’t delete the account right away. Instead, the account is disabled. It’s sort of a CYA policy. It came in useful today, in fact, when I was told that the professor whose account I disabled a couple of days ago was actually granted emeritus status and so his account needed to hang around a while more.
I’m getting ready to deploy a pair of Server 2008 Active Directory servers to replace a couple of old 2003 boxes. In preparing those servers, I installed the remote agent for Microsoft Data Protection Manager before I installed the ADDS role and promoted the new AD servers. That turned out to be a mistake. After promoting the AD servers, the DPM agent service (DPMRA) stopped running and would not start again.