How to scan disabled Active Directory users and computers

Disabled AD user and computer scanning is a feature introduced in Lansweeper 7.2 BETA. The BETA download page provides more information on Lansweeper 7.2. Keep in mind that BETA installers are experimental. They should be run on a separate test server and should *not* be used to update your Lansweeper production environment.

From version 7.2 BETA onward, each Lansweeper scanning server can be configured to scan Active Directory users and computers that have been disabled in AD. In prior Lansweeper versions, AD objects were ignored during scanning if they were disabled. This article explains how to enable scanning of disabled AD users and computers and how to view the results.

Step 1: enable scanning of disabled AD users and/or computers

Go to Configuration\Server Options and enable one or both of the options below, depending on whether you want to scan just disabled computer objects, just disabled user objects or both. Keep in mind that enabling the options below will no longer allow you to enable cleanup options for removing disabled users or computers, and vice versa. The "scan disabled" and "remove disabled" options cannot be combined because they logically contradict each other.

Active Directory Scanning Options

If the AD options above are greyed out, scroll down the page and make sure the "remove computers disabled..." and "remove users disabled..." options are unchecked.

Step 2: scan disabled AD users and/or computers

Go to Scanning\Scanning Targets and add the below scanning targets if you haven't already. Afterward, click Scan Now next to these targets to scan them. The targets below connect directly to Active Directory to retrieve the user and computer objects.

  • For computers, an Active Directory Computer Path scanning target. More information on this target type and how to set it up can be found in this article.
  • For users, an Active Directory User Path scanning target. More information on this target type and how to set it up can be found in this article.

adding Active Directory computer and user targets

Step 3: view the scanning results

Go to the Reports menu and search for "enabled/disabled". Two reports exist that list AD computers and users and whether they're enabled or disabled. Individual computer and user webpages also show the object's Active Directory status.

Active Directory computer and user reports

Active Directory computer page

Active Directory user page

Disabled Active Directory computers are very likely to have a scanning error. Their Active Directory status will prevent them from being logged onto the network and will therefore prevent them from being scanned directly.

 

Related Articles