This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to scan disabled Active Directory users and computers

Bruce_B
Lansweeper Alumni

on ‎07-17-2019 08:30 PM - edited on ‎08-02-2023 04:23 PM by Lansweeper Tech Support

Disabled AD user and computer scanning is a feature introduced in Lansweeper 7.2. You will need to update your installation if you are running a lower Lansweeper version.

From version 7.2 onward, each Lansweeper scanning server can be configured to scan Active Directory users and computers that have been disabled in AD. In prior Lansweeper versions, AD objects were ignored during scanning if they were disabled.

This article explains how to enable scanning of disabled AD users and computers and how to view the results.

Step 1: enable scanning of disabled Active Directory users and/or computers

Go to Scanning > Scanning Targets > On-Premises Active Directory Scanning Options. In the Scanning Scope sectionenable one or both of the options below, depending on whether you want to scan just disabled computer objects, just disabled user objects or both. Keep in mind that enabling the options below will no longer allow you to enable cleanup options for removing disabled users or computers, and vice versa. The "scan disabled" and "remove disabled" options cannot be combined because they logically contradict each other.
Scan disabled Active Directory users and computers 1.png

If the AD options above are greyed out, scroll down and make sure the "remove computers disabled..." and "remove users disabled..." options are unchecked.

Step 2: scan disabled Active Directory users and/or computers

Go to Scanning > Scanning Targets and add the below scanning targets. Afterward, click Scan Now next to these targets to scan them.
How-to-scan-disabled-AD-users-and-computers-2.jpg

These targets connect directly to Active Directory to retrieve the user and computer objects.

  • For computers, the scan type will be an Active Directory Computer Path. More information on this target type and how to set it up can be found in this article.
  • For users, the scan type will be an Active Directory User Path. More information on this target type and how to set it up can be found in this article.

Step 3: view the scanning results

Go to the Reports menu and search for "enabled/disabled". There are two reports that list AD computers and users and whether they're enabled or disabled.  How-to-scan-disabled-AD-users-and-computers-3.jpg

Individual computer and user webpages also show the object's Active Directory status.How-to-scan-disabled-AD-users-and-computers-4.jpg How-to-scan-disabled-AD-users-and-computers-5.jpg

Disabled Active Directory computers are very likely to have a scanning error. Their Active Directory status will prevent them from being logged onto the network and will therefore prevent them from being scanned directly.

Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Version history
Last update:
‎08-02-2023 04:23 PM
Updated by:
Lansweeper Tech Support