Trying to run a report for old Computer objects

keells · Friday

Hi

Hoping someone may be able to assist or look to see if this can be improved. Currently we run a report via powerhsell that shows AD computers and their lastlogon AD attribute so we can look to remove old servers with a logon over 90 days.

I did try and update to use a Lansweeper report using the last seen data and the computer is enabled attribute from AD, but I am seeing lots of old servers that no longer have an AD account appearing. We need to keep old disabled computer objects in Lansweeper for auditing so there are lots of older machines that no longer exist anywhere in VMWare or AD but are in Lansweeper. I can't just remove inactive servers in the report based on Lansweeper attribute either as they may appear inactive in Lansweeper but still have a computer account so need to report on all objects then filter based on the other attributes.

Whats strange is alot of these old computers are showing as enabled in AD based on Lansweeper data when the object no longer exists in AD, should this not have updated as the object no longer exists. Is there something I need to do to make sure they appear as disabled when no AD object exists?

What would be useful would be to have the Computer objects lastlogon or lastlogon timestamp AD attribute saved to Lansweeper assets to report on. But what adds complication is we AD join our Linux machines so would need to also have that attribute saved against our Linux assets. It doesn't seem like that attribute is currently saved against assets.

Thanks

keells · yesterday

Correction, its not the Workgroup machines that go inactive when set computers to mon-active if not found in on-prem AD is enabled. We have 2 domain with different names, but they both use the same netBIOS name (really old legacy thing it seems) which is what confuses Lansweeper and thinks assets in the 2nd domain with same netBIOS are all the same domain. As I can only add 1 domain with that netBIOS it means the others drop off unless I disable this option.

keells · yesterday

Thanks for getting back to me, we do have the "Set Computers to non-active if disabled in on-premis AD" enabled, but due to having workgroup machines in Lansweeper as well, if we enable set computers to non active if not found in AD then this disables these machines (last time we tried).

The attribute we are trying to base this of is the Enabled in AD detail in Lansweeper. We are finding that some machines are showing as enabled, even though there is no object in AD for the asset anymore which bloats the report a bit more.

I'm assuming we removed the AD computer accounts without disabling first so that's not updated the LS detail. I guess my other question, is there a way to change these asset's to show the Enabled in AD field as Disabled, or should it set to disabled if no AD object anymore? (Assume I could go into SQL and amend manually as there seems to be no way to do it via GUI).

Thanks

Jacob_H · Saturday

Hey Keels - I'm not official support but you can adjust your cleanup options and set assets no longer found in AD to 'inactive' which is what I do as, like you, i will never delete a legit asset - you can find this in your server options for on-prem in the below image. We don't store that computer attribute unfortunately but if you use the cleanup-to-inactive, along with Active Scanning (which queries the domain controller to get the objects that have indeed authenticated to the domain controller to scan) - in conjunction with lasttried/lastseen, you should get a good foundation to go further in finding old resources.

Trying to run a report for old Computer objects

New to Lansweeper?

Try Lansweeper For Free