HOSTCHK by Natalie Green This set of scripts does the following (in order): 1. Pull enabled computer objects from ADSI, including their operating system number and name, and the last login date, then sort the list. 2. Filter out "zombie" hosts, e.g., cluster and failover hosts that don't exist but are mirrored names of actual hosts. Can also include excluded hosts. 3. Create logfile. Its name is preceded with the domain name, and appended with the date in format YYYYMMDD. 4. Retrieves IP address and adds to each hosts' output string in logfile. 5. Pings each host and add status to string. 6. Performs WMI authentication check on each host, and adds result to string. I've found the resulting log file helpful when checking against a list of hosts from our antivirus server. It helps ensure all hosts in the domain have an agent, and to ensure each host is in a domain for manageability. Since Active Directory is authoritative, it's also good to see which hosts: - have bad DNS entries, since those that are powered on should also successfully complete a WMI authentication check. Any that don't authenticate likely have bad DNS records. Such records should be removed. - are in multiple domains. The old duplicates, or original AD objects, should usually be disabled or deleted. - have trust issues with its domain. They should be repaired or reimaged. - are missing the agent being checked. If they show up on this list but not the one exported from the management server, a query should be done. - have corrupted WMI. Those that do are usually repaired by the script on this webpage but not always: http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/22e4cfbc-29a3-4cfa-b007-2aff158ccd11 The scripts were cobbled together from many different elements across the web. I referenced methods wherever possible. A couple more notes on the scripts: 1. If typing "createADList-start.bat" from the command line (without quotes, of course) with no parameters, it will automatically work on the current domain. However, an additional feature is to get the info from a trusting domain. You do this by adding a parameter to the batch: the filename of the file with the FQDN of the trusting domain in it. So if your current domain is SmallTree.BigTree.CompanyName.com, and you want to run the script against its parent ADSI tree BigTree.CompanyName.com, then you'd create a text file (name of file is irrelevant) and put the name of a BigTree domain controller in like this: DomainControl01.BigTree.CompanyName.com 2. The zombie feature works by using a hardcoded file called zombie.txt, which has the name of each host you want excluded from the list entered on unique lines. Wildcard type behaviour is done by simply putting shortened host names. 3. The vbs script also compares the login date to today's date, and tells you if it's "old" based on a configurable number in the script (it's labeled). This is helpful in determining hosts that have not been used in a long time. Here's an example output line after the script is done: Host1.MyDomain.MyCompany.com,6.1 (7601),Windows Server 2008 R2 Standard,LOGON-11/03/2012 10:43:08 AM,Over45-N ,192.168.1.10,PWR1,WMI1 I typically split off the FQDN by the dot (.) to be able to sort on the domain of each host. Makes it easy to look for suspicious duplicates, and to sort based on domain. When you have hundreds or thousands of hosts, and many domains, sorting and filtering these fields become quite powerful.