Software Management Group

What is your strategy to make sure that your Active Directory and Altiris Computer inventory matches?  Our AD is a mess, I am in the process of rolling out our Altiris in the environment, cleaning AD along the way and would like to keep our AD as clean as possible, as far as stale computer accounts.  I am sure you guys have been in this situation before.  What strategy do you employ to make sure both of your AD and Altiris match up? Altiris reports to use? AD tools to use? scripts? automated comparison etc? please share, as this would definitely give Altiris a value add in the enterprise.

Right now I do a complete report of the age of the Computer Account's AD password (via non-altiris scripts), the timestamp of the DNS record update of the machine (via non-altiris scripts), and compare that to Altiris reports with the max Agent config request time and Last Login time.

This is primarily used to locate stale machines, laptops (OR VMs) that have been offline too long (and not marked as retired or "in stock" in Altiris Asset.

Various vbscripts or powershell scripts can be used.  One I like will enumerate all AD Computer objects, ping them, and then queries the PC Name via WMI.  This can quickly give us info on machines that have matching DNS records and those that don't (we don't have DNS scavanging enabled).

 

This quick query lets me know the last time the agents checked in with the Altiris server.

with LCT as

 

       (SELECT [ResourceGuid],max([_eventTime]) as 'LastConfigTime'

     FROM [Symantec_CMDB71].[dbo].[Evt_NS_Client_Config_Request]

        group by [ResourceGuid])

 

  select VC.Name,VC.[OS Name],VC.[IP Address],LCT.LastConfigTime from vcomputer vc

  join LCT on LCT.ResourceGuid = vc.guid

 

 

thanks for sharing, could you also share some non-altiris scripts as well?

Hi, when I run the sql query above I only get one computer result. Is it possible to specify last configuration request from lets say 15 days?