Using Active Directory and Group Policy
Is there a way to Use active directory/Group Policy to automatically remove a computer from the domain after a period of time?
February 16th, 2010 6:09pm

The best I can think of is to have the computer account expire. This does not remove the computer from the domain, but it cannot authenticate after the expiration date.Richard MuellerMVP ADSI
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2010 7:24pm

i think Richard's idea is a really good one. just so i understand, how many computers are we talking about? if more than one, will they all be removed at the same time or will that vary? thx /richhttp://cbfive.com/blog
February 16th, 2010 7:48pm

I work in the IT department for a college and we have roughly 6500 computers, and we want to set some kind of policy to where after a computer on our domain hasnted authenticated to the domain for a certain amount of time, that it gets removed from the domain. What our problem is when a computer gets replaced it doesnt get taken off of our domain, so now we are left with computers in DNS that really arent there anymore and we are trying to prevent this from happening somehow.
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2010 8:28pm

okay, we really have two different issues there. the first is with removing stale computer accounts from the directory. for that, take a look at a tool called oldcmp by Joe Richards. it can be found here. http://www.joeware.net/freetools/tools/oldcmp/index.htm. the second is a problem with stale records in DNS (and these aren't necessarily tied together). to handle this, you are going to want to look at configuring aging and scavenging. for an understanding of aging / scavenging, look here: http://cbfive.com/blog/post/Untying-Aging-and-Scavenging.aspx. generally speaking the defaults for aging and the defaults for scavenging are fine. aging will get enabled at the zone level (and replicated if it is an ADI zone) and scavenging should be enabled on a single server. hth /rich http://cbfive.com/blog
February 16th, 2010 8:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics