Did you ever have to hunt for a computer object across every domain controller (DC) in your organization to be absolutely sure it no longer existed? Chasing down a computer object can sometimes seem like playing a game of "Where's Waldo?" I tried to find a built-in Windows tool to easily do this, but to no avail. So, I created the Find Computer Object tool.
Here’s how the tool came about. Our Desktop Support Team had experienced some trouble rejoining a computer to our domain. The support team members tried the standard procedures:
- Using the Computer Name tab on the System Properties dialog box, they moved the computer object to a workgroup, then moved it back into the domain, using the administrative credentials required for joining a computer to the domain.
- In the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, they located and deleted the computer object from the domain, waited 90 minutes, then rejoined it to the domain.
After each procedure, the support team members and the computer’s users thought that the problem had been solved because the users could log on to the domain. However, when the users tried to log on later, they found they couldn’t. When the support team members checked, they found that the computer object had “dropped off” the domain.
This problem was frustrating both the users and the support team members, so the troubleshooting team that I belong to was brought in to dig a bit deeper. We had the support team once again join the computer to the domain. We watched the computer object appear on the DC. Later, we confirmed that it no longer existed on the same DC.
A quick ping sweep showed that all the DCs were responding, so we used the Active Directory Users and Computers snap-in to manually search each DC to confirm that the computer object no longer existed on it. That’s when we discovered that the computer object still lingered on one DC.
It turned out that this particular DC was having a replication issue with its partners, but for some unknown reason, the monitoring system didn’t pick up on the problem. The DC had a corrupt database but was still being advertised to clients as valid through DNS.
Having to manually search each DC to find the problem made me realize that there had to be an easier way to check for the presence or absence of a particular computer object across all DCs. That’s when I decided to create the Find Computer Object tool.
The Find Computer Object tool serves a dual purpose. You can use it not only to determine whether a computer object is present on a DC but also to pinpoint exactly where that object resides in the organizational unit (OU) structure if it’s present.
Figure 1 shows the tool’s UI. After you enter the name of the computer for which you’re searching and click the Find Computer button, the tool builds a list of the computer objects in the Domain Controllers OU in AD. The tool then queries each DC on that list, looking for the computer name you entered. It also increments a progress bar so you know it’s actually doing something.
When the tool finds the computer object, it stops and notifies you. As Figure 2 shows, it tells you the DC on which the computer object was found and the OU in which the computer object resides. If it doesn’t find the computer object on any of the DCs, you’ll receive a message similar to the one shown in Figure 3.
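The per-DC lookup described above can also be sketched in PowerShell with ADSI. This is an added example, not the HTA's own code: it assumes a domain-joined host, its parameter and variable names are illustrative, and it goes beyond the tool by querying every DC instead of stopping at the first hit, so a DC that disagrees with its partners stands out.

```powershell
# Added example; not the Find Computer Object tool's own code.
param(
    # Restrict input to NetBIOS-style name characters so it cannot alter the LDAP filter.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
    [string]$ComputerName
)

# Read the domain's naming context from RootDSE (assumes a domain-joined host).
$domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext

# Build the DC list from the computer objects in the Domain Controllers OU.
$dcSearcher = [adsisearcher]'(objectCategory=computer)'
$dcSearcher.SearchRoot = [ADSI]"LDAP://OU=Domain Controllers,$domainDn"
[void]$dcSearcher.PropertiesToLoad.Add('dnshostname')
$dcs = $dcSearcher.FindAll() | ForEach-Object { [string]$_.Properties['dnshostname'][0] }

# Bind to each DC by name and record what that DC's own copy of the directory holds.
$results = foreach ($dc in $dcs) {
    try {
        $searcher = [adsisearcher]"(&(objectCategory=computer)(name=$ComputerName))"
        $searcher.SearchRoot = [ADSI]"LDAP://$dc/$domainDn"
        $hit = $searcher.FindOne()
        [pscustomobject]@{
            DomainController  = $dc
            Status            = if ($hit) { 'Present' } else { 'Absent' }
            DistinguishedName = if ($hit) { [string]$hit.Properties['distinguishedname'][0] }
        }
    }
    catch {
        # A DC that cannot answer the query is reported, not silently skipped.
        [pscustomobject]@{
            DomainController  = $dc
            Status            = 'QueryFailed'
            DistinguishedName = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# Mixed answers mean the DCs disagree about the object; check replication on the outliers.
$present = @($results | Where-Object { $_.Status -eq 'Present' })
if ($present.Count -gt 0 -and $present.Count -lt @($results).Count) {
    Write-Warning "$ComputerName is present on $($present.Count) of $(@($results).Count) DCs."
}
```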
You can download the Find Computer Object tool, which is an HTML Application (HTA), from the Windows IT Pro website. Go to the top of this page and click the Download the Code Here button.