From version 7.2 onward, each Lansweeper scanning server can be configured to scan Active Directory users and computers that have been disabled in AD. In prior Lansweeper versions, AD objects were ignored during scanning if they were disabled. This article explains how to enable scanning of disabled AD users and computers and how to view the results.
Step 1: enable scanning of disabled Active Directory users and/or computers
Go to Configuration\Server Options and enable one or both of the options below, depending on whether you want to scan just disabled computer objects, just disabled user objects or both. Keep in mind that enabling the options below will no longer allow you to enable cleanup options for removing disabled users or computers, and vice versa. The "scan disabled" and "remove disabled" options cannot be combined because they logically contradict each other.
Step 2: scan disabled Active Directory users and/or computers
Go to Scanning\Scanning Targets and add the below scanning targets if you haven't already. Afterward, click Scan Now next to these targets to scan them. The targets below connect directly to Active Directory to retrieve the user and computer objects.
- For computers, an Active Directory Computer Path scanning target. More information on this target type and how to set it up can be found in this article.
- For users, an Active Directory User Path scanning target. More information on this target type and how to set it up can be found in this article.
Step 3: view the scanning results
Go to the Reports menu and search for "enabled/disabled". Two reports exist that list AD computers and users and whether they're enabled or disabled. Individual computer and user webpages also show the object's Active Directory status.
