This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 

Trying to run a report for old Computer objects

keells
Engaged Sweeper II

ā€Ž01-03-2025 06:08 PM

Hi 

Hoping someone may be able to assist or look to see if this can be improved. Currently we run a report via powerhsell that shows AD computers and their lastlogon AD attribute so we can look to remove old servers with a logon over 90 days.

I did try and update to use a Lansweeper report using the last seen data and the computer is enabled attribute from AD, but I am seeing lots of old servers that no longer have an AD account appearing. We need to keep old disabled computer objects in Lansweeper for auditing so there are lots of older machines that no longer exist anywhere in VMWare or AD but are in Lansweeper. I can't just remove inactive servers in the report based on Lansweeper attribute either as they may appear inactive in Lansweeper but still have a computer account so need to report on all objects then filter based on the other attributes.

Whats strange is alot of these old computers are showing as enabled in AD based on Lansweeper data when the object no longer exists in AD, should this not have updated as the object no longer exists. Is there something I need to do to make sure they appear as disabled when no AD object exists?

What would be useful would be to have the Computer objects lastlogon or lastlogon timestamp AD attribute saved to Lansweeper assets to report on. But what adds complication is we AD join our Linux machines so would need to also have that attribute saved against our Linux assets. It doesn't seem like that attribute is currently saved against assets.

Thanks

0 Kudos
4 REPLIES 4
keells
Engaged Sweeper II

a month ago

Correction, its not the Workgroup machines that go inactive when set computers to mon-active if not found in on-prem AD is enabled. We have 2 domain with different names, but they both use the same netBIOS name (really old legacy thing it seems) which is what confuses Lansweeper and thinks assets in the 2nd domain with same netBIOS are all the same domain. As I can only add 1 domain with that netBIOS it means the others drop off unless I disable this option.

0 Kudos
Jacob_H
Lansweeper Employee
Lansweeper Employee
In response to keells

a month ago - last edited a month ago

same NETBIOS!?  lol aah!  umm.... that's something I can't test lol.  do you have both domains set in active scanning?  Perhaps put in a ticket to support - they might have a solution versus me going through troubleshooting steps for something I haven't encountered.   Same NETBIOS???  I feel your pain.

0 Kudos
keells
Engaged Sweeper II

a month ago

Thanks for getting back to me, we do have the "Set Computers to non-active if disabled in on-premis AD" enabled, but due to having workgroup machines in Lansweeper as well, if we enable set computers to non active if not found in AD then this disables these machines (last time we tried). 

The attribute we are trying to base this of is the Enabled in AD detail in Lansweeper. We are finding that some machines are showing as enabled, even though there is no object in AD for the asset anymore which bloats the report a bit more.

I'm assuming we removed the AD computer accounts without disabling first so that's not updated the LS detail. I guess my other question, is there a way to change these asset's to show the Enabled in AD field as Disabled, or should it set to disabled if no AD object anymore? (Assume I could go into SQL and amend manually as there seems to be no way to do it via GUI).

 

Thanks

 

Preview file
2 KB
0 Kudos
Jacob_H
Lansweeper Employee
Lansweeper Employee

ā€Ž01-04-2025 02:04 AM

Hey  Keels -  I'm not official support but you can adjust your cleanup options and set assets no longer found in AD to 'inactive'  which is what I do as, like you, i will never delete a legit asset - you can find this in your server options for on-prem in the below image.  We don't store that computer attribute unfortunately but if you use the cleanup-to-inactive, along with Active Scanning (which queries the domain controller to get the objects that have indeed authenticated to the domain controller to scan) - in conjunction with lasttried/lastseen, you should get a good foundation to go further in finding old resources.

 
 

2025-01-03 18_55_06-Server Options _ Configuration.png

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now