JSI Tip 8064. OldCmp.exe freeware reports, disables, or deletes Acvtive Directory Computer objects, based upon parameters that you specify.

Download and unzip OldCmp.zip.

When you type oldcmp /?, you receive:

OldCmp V01.04.00cpp Joe Richards ([email protected]) January 2004Usage: OldCmp [switches]  Switches: (designated by - or /)   -report        Write report of objects   -disable       Disable objects   -delete        Delete objects                  Delete will only work on disabled objects.   -stamp         When used with delete w/ expire account as well                  The idea being you can see the date it was done then.   -safety x      How many objects to modify. (Default 10)                  With this set, stops updating after x mods.                  I did this because it is very easy to hurt yourself.   -unsafe        Update ALL of the objects identified.   -forreal       REALLY MAKE THE MODS, this is the final safety.   -h host        Host to use. (Default is to autofind DC)   -s scope       Scope of search. OneLevel, Subtree. (Default Subtree)   -b basedn      RFC 1779 DN to start search at (Default domain root)   -f filter      RFC 2254 LDAP filter (Default is confusing :)   -af addon      RFC 2254 LDAP filter to add to builtin filter   -t xxx         Timeout value in seconds. (Default 300 seconds)   -bit           Bitwise operator filter conversion enable                    :AND:= converts to :1.2.840.113556.1.4.803:=                    :OR:= converts to :1.2.840.113556.1.4.804:=   -ps size       Page size. (Default 100)   -nodc          Exclude DCs from queries   -norefer       No LDAP referrals   -onlydisabled  Only disabled accounts (Default All)   -age x         Min Days Old.  (Default 90 days)   -maxage x      Max Days Old.  (Default Infinity)   -format x      Report Format (Default HTML)                     CSV   - Delimited Text                     HTML  - Standard HTML                     DHTML - Dynamic HTML (IE Only)   -sh            Will autodisplay HTM/HTML/TXT files after run   -file x        File to write to. (Default oldcmp-.htm   -append        Append to file instead of overwrite   -delim x       Delimiter for CSV. (Default ;)                  Specify TAB for t (tab character)   -nolc          Do not normalize machine names to lc - RAW Case   -nohtmlheader  Don't insert base HTML (title, body...)   -sort x        Sort by various fields. (Default Password Age)                     cn    = name                     pwage = password age                     age   = object age                     OS    = operating system version  Ex1:    oldcmp      Display this help  Ex2a:    oldcmp -report      Generate html report of all cmpaccs > 90 days old  Ex2a:    oldcmp -report -format dhtml -sh      Generate dhtml report of all cmpaccs > 90 days old      Open the report after generating it  Ex2c:    oldcmp -report -format csv      Generate csv report of all cmpaccs > 90 days old  Ex3a:    oldcmp -report -age 0      Generate html report of all cmpaccs  Ex3b:    oldcmp -report -age 0 -format csv -delim tab      Generate csv (tab delimited) report of all cmpaccs  Ex4:    oldcmp -report -age 0 -onlydisabled      Generate html report of all disabled cmpaccs  Ex5:    oldcmp -report -age 0 -onlydisabled -sort cn      Generate html report of all disabled cmpaccs, sort on name  Ex6:    oldcmp -delete -age 0 -onlydisabled      Generate html report of all disabled cmpaccs, sort on pwage      Will show you what it would try to delete. Only up to 10.  Ex7:    oldcmp -delete -age 0 -onlydisabled -safety 100      Generate html report of all disabled cmpaccs, sort on pwage      Will show you what it would try to delete. Only up to 100.  Ex8:    oldcmp -delete -age 0 -onlydisabled -unsafe      Generate html report of all disabled cmpaccs, sort on pwage      Will show you what it would try to delete. All cmpaccs.  Ex9:    oldcmp -delete -age 0 -onlydisabled -unsafe -forreal      Generate html report of all disabled cmpaccs, sort on pwage      Will REALLY DELETE all accounts identified.  Ex10:    oldcmp -disable -unsafe -forreal      Generate html report of all cmpaccs > 90 days, sort on pwage      Will REALLY DISABLE all accounts identified.  Ex11:    oldcmp -report -sort OS -age 0 -maxage 60      Generate html report of all cmpaccs still valid, sort on OS  Ex12:    oldcmp -report -af "(operatingsystem=Windows XP Professional)" -onlydisabled -age 0      Generate html report of all disabled Windows XP machines  Ex13:    oldcmp -report -b ou=mycmps,dc=domain,dc=com      Generate html report of cmpaccs >90 days in specified OU Note: This tool is VERY POWERFUL and could be VERY DANGEROUS!       I put a lot of safety locks in it ON PURPOSE!!!       This thing can be used for quite a bit of different computer       auditing if you know what you are doing. Thanks to many of the members of the activedir.org listserv. Lots of good feedback came in from them when they betatested this tool for me. Special thanks to Ryan Durant and Bob Free for helping me with the DHTML option. It wouldn't have made it this soon without that needed assistance. Thanks everyone! This software is Freeware. Use it as you wish at your own risk. If you have improvement ideas, bugs, or just wish to say Hi, I receive email 24x7 and read it in a semi-regular timeframe. You can usually find me at [email protected]