Show computers where the registered user is a member of a particular security group.

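The query below shows computers whose registered user is a member of a defined security group. It compares the operating system's RegisteredUser value with the FullUserName of each user in the group, so it only returns machines where those two strings are identical. Replace DOMAIN\\GROUP with your own group in domain\group form; the backslash is doubled because WQL treats a single backslash as an escape character.

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId
where SMS_G_System_OPERATING_SYSTEM.RegisteredUser in (select distinct SMS_R_User.FullUserName from SMS_R_User where SMS_R_User.UserGroupName = "DOMAIN\\GROUP")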


Finding old workstations in Active Directory

You can run the following command on a Server 2003 DC to find all the computer accounts that have been inactive for 5 weeks or more.

dsquery computer "OU=XP Machines,OU=Workstations,DC=domain,DC=local" -limit 0 -inactive 5 > C:\5weeks.txt

You can then use the following command to take all the computers that you found with the above command and move them to another OU.

For /F "delims=$" %c in ('Type C:\5weeks.txt') Do DSMove %c -newparent "OU=DisabledWorkstations,DC=domain,DC=local"
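
The two steps above combined into one batch file, as an added example that is not part of the original page: it writes the list of inactive accounts first and moves them only when run with an APPLY argument, so the list can be reviewed before anything changes. The OU names are the page's; the list and log paths and the APPLY switch are assumptions of this example.

```batch
@echo off
setlocal
rem Added example. OU names are taken from the page; LIST, LOG and the
rem APPLY argument are assumptions made for this example.
set "SOURCE_OU=OU=XP Machines,OU=Workstations,DC=domain,DC=local"
set "TARGET_OU=OU=DisabledWorkstations,DC=domain,DC=local"
set "WEEKS=5"
set "LIST=%TEMP%\stale-computers.txt"
set "LOG=%TEMP%\stale-computers-moved.log"

rem Step 1: write the DN of every computer inactive for WEEKS or more to LIST.
dsquery computer "%SOURCE_OU%" -limit 0 -inactive %WEEKS% > "%LIST%"
if errorlevel 1 (
    echo dsquery failed, nothing was moved.
    exit /b 1
)

rem Step 2: without the APPLY argument, only show what would be moved.
if /i not "%~1"=="APPLY" (
    echo Review only. Re-run with APPLY to move these accounts:
    type "%LIST%"
    exit /b 0
)

rem Step 3: move each DN and record the ones that succeeded.
rem In a batch file the loop variable is written %%c, not %c.
rem dsquery wraps each DN in quotes, so %%c reaches dsmove as one argument;
rem "delims=" stops the spaces inside a DN from splitting the line.
for /f "usebackq delims=" %%c in ("%LIST%") do (
    dsmove %%c -newparent "%TARGET_OU%" && echo moved %%c>> "%LOG%"
)
endlocal
```

The log gives a record of which accounts were relocated, which is what you need to move one back if a machine turns out to be in use.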