How to tell when a computer was joined to the domain?

[Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+]

That's it.. just looking to see if anyone knows how to tell when a
particular computer was joined to a domain. I have a computer that was
joined to a domain probably close to 9 months ago, but now I need to
verify exactly when. Oh, I need to do this on the server - I don't
have access to the computer that joined the domain to verify this
info.

Thanks in advance!

 

[neo [mvp outlook]]

Is this helpful?

http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan06/hey0125.mspx

"Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <ameador1@hotmail.com>
wrote in message
news:1184422732.758706.49580@o61g2000hsh.googlegroups.com...
> That's it.. just looking to see if anyone knows how to tell when a
> particular computer was joined to a domain. I have a computer that was
> joined to a domain probably close to 9 months ago, but now I need to
> verify exactly when. Oh, I need to do this on the server - I don't
> have access to the computer that joined the domain to verify this
> info.
>
> Thanks in advance!
>

 

[Richard Mueller [MVP]]

As noted in the link, if the computer object was created in the domain when
the computer was joined to the domain (not created ahead of time), the
whenCreated attribute value will be the date the computer joined. In a
VBScript, bind to the computer object and retrieve whenCreated. Or, use a
command line tool.

Set objComputer =
GetObject("LDAP://cn=MyComputer,ou=Sales,dc=MyDomain,dc=com")
Wscript.Echo objComputer.whenCreated

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"neo [mvp outlook]" <neo@discussions.microsoft.com> wrote in message
news:edh$GhixHHA.3536@TK2MSFTNGP03.phx.gbl...
> Is this helpful?
>
> http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan06/hey0125.mspx
>
> "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <ameador1@hotmail.com>
> wrote in message
> news:1184422732.758706.49580@o61g2000hsh.googlegroups.com...
>> That's it.. just looking to see if anyone knows how to tell when a
>> particular computer was joined to a domain. I have a computer that was
>> joined to a domain probably close to 9 months ago, but now I need to
>> verify exactly when. Oh, I need to do this on the server - I don't
>> have access to the computer that joined the domain to verify this
>> info.
>>
>> Thanks in advance!
>>
>
>

 

[Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+]

I have tried tweaking with the script below, but have not suceeded
in making it work. The computer name I'm trying to access is
Computer13. I assume I substitute this in place of MyComputer. The
internal domain name is what follows the first dc? The second dc is
always dc=com? The last issue is what to use for the ou. The computer
is in a tree of ou's on under the other - do I use the whole tree
structure, or the lowest level ou it is in? If I use the whole tree
structure, how do I write it... Computers.Tampa.Office3.General
Desktops

Please clarify - I'm not very familiar with scripting.

I have saved this in a text file called test.vbs and am double-
clicking on it from Exporer - is this the right way to go about it?

Thanks for your input.

On Jul 14, 12:41 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@ameritech.nospam.net> wrote:
> As noted in the link, if the computer object was created in the domain when
> the computer was joined to the domain (not created ahead of time), the
> whenCreated attribute value will be the date the computer joined. In a
> VBScript, bind to the computer object and retrieve whenCreated. Or, use a
> command line tool.
>
> Set objComputer =
> GetObject("LDAP://cn=MyComputer,ou=Sales,dc=MyDomain,dc=com")
> Wscript.Echo objComputer.whenCreated
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab -http://www.rlmueller.net
> --
>
> "neo [mvp outlook]" <n...@discussions.microsoft.com> wrote in messagenews:edh$GhixHHA.3536@TK2MSFTNGP03.phx.gbl...
>
>
>
> > Is this helpful?
>
> >http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan06/h...
>
> > "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <amead...@hotmail.com>
> > wrote in message
> >news:1184422732.758706.49580@o61g2000hsh.googlegroups.com...
> >> That's it.. just looking to see if anyone knows how to tell when a
> >> particular computer was joined to a domain. I have a computer that was
> >> joined to a domain probably close to 9 months ago, but now I need to
> >> verify exactly when. Oh, I need to do this on the server - I don't
> >> have access to the computer that joined the domain to verify this
> >> info.
>
> >> Thanks in advance!- Hide quoted text -
>
> - Show quoted text -

 

[Richard Mueller [MVP]]

You can double click on a *.vbs file, and it will be run with whatever host
program has been configured as the default on your computer, either
cscript.exe or wscript.exe. I think wscript is usually the default. When you
run a script with wscript, any Wscript.Echo statements result in a dialog
box displaying the values. If you run the script with cscript the program
runs in a command window. I generally run administrative VBScript programs
at a command prompt with the cscript host. This way I see the output at the
console, including error messages. For example, if the program is saved in a
file called example.vbs, I run it at a command prompt with the command:

cscript example.vbs

this assumes I have navigated to the folder where the file example.vbs is
saved. Otherwise, I must specify the path. If I want to redirect output to a
text file (so it doesn't scroll off the screen and I can view the output in
notepad), I use the //nologo optional parameter to suppress the logo
information. For example:

cscript //nologo example.vbs > report.txt

To bind to an object with the LDAP provider you need the Distinguished Name
(DN) of the object. This uniquely identifies the object and shows its
location in the hierarchy of Active Directory. The computer with DN:

cn=MyComputer,ou=Sales,dc=MyDomain,dc=com

has Common Name "MyComputer". It is in the OU called "Sales", which is in
the domain with DNS name MyDomain.com. Another domain might be
MyDivision.MyCompany.net. Most likely, the NetBIOS name of this computer
(the NT name, or "pre-Windows 2000 name") is "MyComputer", but that does not
have to be true. If you know the NetBIOS name of a computer, you can use the
NameTranslate object to convert this (in combination with the NetBIOS name
of the domain) to the DN of the computer required by the LDAP provider.

In a similar way, the NetBIOS name of the domain in my example is most
likely "MyDomain", but again this might not be true. Fortunately, you can
retrieve the DNS name of the domain from the RootDSE object and user the
NameTranslate object to convert this to the NetBIOS name of the domain. For
example:
=====================
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the computer.
strComputer = "WEST1003"

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the DNS format of the object name.
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
' Use the Get method to retrieve the NetBIOS name.
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)


' Use the NameTranslate object to convert the NetBIOS name of the
' computer to the Distinguished Name required for the LDAP provider.
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer
' Use the Get method to retrieve the RPC 1779 Distinguished Name.
strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the computer object in Active Directory with the LDAP provider.
Set objComputer = GetObject("LDAP://" & strComputerDN)



' Display whenCreated date, which should be the date when the computer

' joined the domain.

Wscript.Echo objComputer.whenCreated

============

The above is the most generic way, retrieving as much as possible
programmatically. The only thing we cannot retrieve, which you must supply,
is the NetBIOS name of the computer. If you are familiar with Distinguished
Names, and know the DN for a computer, you use it to bind to the computer
object immediately. The DN's take getting used to.


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


"Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <ameador1@hotmail.com>
wrote in message
news:1184433756.122624.196410@22g2000hsm.googlegroups.com...
> I have tried tweaking with the script below, but have not suceeded
> in making it work. The computer name I'm trying to access is
> Computer13. I assume I substitute this in place of MyComputer. The
> internal domain name is what follows the first dc? The second dc is
> always dc=com? The last issue is what to use for the ou. The computer
> is in a tree of ou's on under the other - do I use the whole tree
> structure, or the lowest level ou it is in? If I use the whole tree
> structure, how do I write it... Computers.Tampa.Office3.General
> Desktops
>
> Please clarify - I'm not very familiar with scripting.
>
> I have saved this in a text file called test.vbs and am double-
> clicking on it from Exporer - is this the right way to go about it?
>
> Thanks for your input.
>
> On Jul 14, 12:41 pm, "Richard Mueller [MVP]" <rlmueller-
> nos...@ameritech.nospam.net> wrote:
>> As noted in the link, if the computer object was created in the domain
>> when
>> the computer was joined to the domain (not created ahead of time), the
>> whenCreated attribute value will be the date the computer joined. In a
>> VBScript, bind to the computer object and retrieve whenCreated. Or, use a
>> command line tool.
>>
>> Set objComputer =
>> GetObject("LDAP://cn=MyComputer,ou=Sales,dc=MyDomain,dc=com")
>> Wscript.Echo objComputer.whenCreated
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab -http://www.rlmueller.net
>> --
>>
>> "neo [mvp outlook]" <n...@discussions.microsoft.com> wrote in
>> messagenews:edh$GhixHHA.3536@TK2MSFTNGP03.phx.gbl...
>>
>>
>>
>> > Is this helpful?
>>
>> >http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan06/h...
>>
>> > "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+"
>> > <amead...@hotmail.com>
>> > wrote in message
>> >news:1184422732.758706.49580@o61g2000hsh.googlegroups.com...
>> >> That's it.. just looking to see if anyone knows how to tell when a
>> >> particular computer was joined to a domain. I have a computer that was
>> >> joined to a domain probably close to 9 months ago, but now I need to
>> >> verify exactly when. Oh, I need to do this on the server - I don't
>> >> have access to the computer that joined the domain to verify this
>> >> info.
>>
>> >> Thanks in advance!- Hide quoted text -
>>
>> - Show quoted text -
>
>

 

[Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+]

Thank you very much for this detailed response! I think we're
almost there, but now I have another problem. When I run the script
below, I am getting the following error: "Name Translation: Could not
find the name or insufficient right to see the name. Error Number:
80072116 Source: (null)" for the line that says "objTrans.Set
ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer". I put
Wscript.Echo cammands before this point and the strNetBIOSDomain and
strComputer items seem right (and I did change WEST1003 to COMPUTER13)

There is an issue listed at http://support.microsoft.com/kb/317982#appliesto
that seems to indicate that this is a known bug with having the '\'
character in the text being used in the set method, but there is no
solution. Maybe this is a different issue, but I thought I'd at least
bring it up. The only thing that doesn't make sense is the fact that I
am running this on a Window Small Business Server 2003 system. The
article says this applies to 2000, but says nothing of 2003. So what
to do now?


On Jul 14, 5:29 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@ameritech.nospam.net> wrote:
> You can double click on a *.vbs file, and it will be run with whatever host
> program has been configured as the default on your computer, either
> cscript.exe or wscript.exe. I think wscript is usually the default. When you
> run a script with wscript, any Wscript.Echo statements result in a dialog
> box displaying the values. If you run the script with cscript the program
> runs in a command window. I generally run administrative VBScript programs
> at a command prompt with the cscript host. This way I see the output at the
> console, including error messages. For example, if the program is saved in a
> file called example.vbs, I run it at a command prompt with the command:
>
> cscript example.vbs
>
> this assumes I have navigated to the folder where the file example.vbs is
> saved. Otherwise, I must specify the path. If I want to redirect output to a
> text file (so it doesn't scroll off the screen and I can view the output in
> notepad), I use the //nologo optional parameter to suppress the logo
> information. For example:
>
> cscript //nologo example.vbs > report.txt
>
> To bind to an object with the LDAP provider you need the Distinguished Name
> (DN) of the object. This uniquely identifies the object and shows its
> location in the hierarchy of Active Directory. The computer with DN:
>
> cn=MyComputer,ou=Sales,dc=MyDomain,dc=com
>
> has Common Name "MyComputer". It is in the OU called "Sales", which is in
> the domain with DNS name MyDomain.com. Another domain might be
> MyDivision.MyCompany.net. Most likely, the NetBIOS name of this computer
> (the NT name, or "pre-Windows 2000 name") is "MyComputer", but that does not
> have to be true. If you know the NetBIOS name of a computer, you can use the
> NameTranslate object to convert this (in combination with the NetBIOS name
> of the domain) to the DN of the computer required by the LDAP provider.
>
> In a similar way, the NetBIOS name of the domain in my example is most
> likely "MyDomain", but again this might not be true. Fortunately, you can
> retrieve the DNS name of the domain from the RootDSE object and user the
> NameTranslate object to convert this to the NetBIOS name of the domain. For
> example:
> =====================
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
> ' Specify the NetBIOS name of the computer.
> strComputer = "WEST1003"
>
> ' Determine DNS name of domain from RootDSE.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use the NameTranslate object to find the NetBIOS domain name from the
> ' DNS domain name.
> Set objTrans = CreateObject("NameTranslate")
> ' Initialize NameTranslate by locating the Global Catalog.
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> ' Use the Set method to specify the DNS format of the object name.
> objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
> ' Use the Get method to retrieve the NetBIOS name.
> strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
> ' Remove trailing backslash.
> strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
>
> ' Use the NameTranslate object to convert the NetBIOS name of the
> ' computer to the Distinguished Name required for the LDAP provider.
> ' Use the Set method to specify the NT format of the object name.
> objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer
> ' Use the Get method to retrieve the RPC 1779 Distinguished Name.
> strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Bind to the computer object in Active Directory with the LDAP provider.
> Set objComputer = GetObject("LDAP://" & strComputerDN)
>
> ' Display whenCreated date, which should be the date when the computer
>
> ' joined the domain.
>
> Wscript.Echo objComputer.whenCreated
>
> ============
>
> The above is the most generic way, retrieving as much as possible
> programmatically. The only thing we cannot retrieve, which you must supply,
> is the NetBIOS name of the computer. If you are familiar with Distinguished
> Names, and know the DN for a computer, you use it to bind to the computer
> object immediately. The DN's take getting used to.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab -http://www.rlmueller.net
> --
>
> "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <amead...@hotmail.com>
> wrote in messagenews:1184433756.122624.196410@22g2000hsm.googlegroups.com...
>
>
>
> > I have tried tweaking with the script below, but have not suceeded
> > in making it work. The computer name I'm trying to access is
> > Computer13. I assume I substitute this in place of MyComputer. The
> > internal domain name is what follows the first dc? The second dc is
> > always dc=com? The last issue is what to use for the ou. The computer
> > is in a tree of ou's on under the other - do I use the whole tree
> > structure, or the lowest level ou it is in? If I use the whole tree
> > structure, how do I write it... Computers.Tampa.Office3.General
> > Desktops
>
> > Please clarify - I'm not very familiar with scripting.
>
> > I have saved this in a text file called test.vbs and am double-
> > clicking on it from Exporer - is this the right way to go about it?
>
> > Thanks for your input.
>
> > On Jul 14, 12:41 pm, "Richard Mueller [MVP]" <rlmueller-
> > nos...@ameritech.nospam.net> wrote:
> >> As noted in the link, if the computer object was created in the domain
> >> when
> >> the computer was joined to the domain (not created ahead of time), the
> >> whenCreated attribute value will be the date the computer joined. In a
> >> VBScript, bind to the computer object and retrieve whenCreated. Or, use a
> >> command line tool.
>
> >> Set objComputer =
> >> GetObject("LDAP://cn=MyComputer,ou=Sales,dc=MyDomain,dc=com")
> >> Wscript.Echo objComputer.whenCreated
>
> >> --
> >> Richard Mueller
> >> Microsoft MVP Scripting and ADSI
> >> Hilltop Lab -http://www.rlmueller.net
> >> --
>
> >> "neo [mvp outlook]" <n...@discussions.microsoft.com> wrote in
> >> messagenews:edh$GhixHHA.3536@TK2MSFTNGP03.phx.gbl...
>
> >> > Is this helpful?
>
> >> >http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan06/h...
>
> >> > "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+"
> >> > <amead...@hotmail.com>
> >> > wrote in message
> >> >news:1184422732.758706.49580@o61g2000hsh.googlegroups.com...
> >> >> That's it.. just looking to see if anyone knows how to tell when a
> >> >> particular computer was joined to a domain. I have a computer that was
> >> >> joined to a domain probably close to 9 months ago, but now I need to
> >> >> verify exactly when. Oh, I need to do this on the server - I don't
> >> >> have access to the computer that joined the domain to verify this
> >> >> info.
>
> >> >> Thanks in advance!- Hide quoted text -
>
> >> - Show quoted text -- Hide quoted text -
>
> - Show quoted text -

 

[verukins]

Script method is all fine, but if your having problems with that,
simply look at the "objectcreated" attribute in ADSIEDIT.

If your having trouble with the script, and this is a once off - this
may be quicker.

 

[Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+]

Thanks! That finished it off. I don't doubt that the script should
be fine - but it gives the exact error that is in the listed Microsoft
KB article. "Computer13" is the netBIOS name for the computer in
question - in fact here is the final distinguished name I pulled from
ADSIEDIT:

CN=Computer13,OU=General
Desktops,OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=<removed for
posting>,DC=local

So, being that all I had to do was plug in the computer name in the
variable at the top of the script, there was nothing for me to mess-up
on.

Anyway - I have found what I was looking for thanks to you guys! I
appreciate the help.

We can continue to discuss the reason for the script not working
for me, but I can take is to a scripting group since that is really
now where this post is going since my original problem has been
solved. Either way is fine.

Again, thanks!

On Jul 15, 2:45 am, verukins <veruk...@hotmail.com> wrote:
> Script method is all fine, but if your having problems with that,
> simply look at the "objectcreated" attribute in ADSIEDIT.
>
> If your having trouble with the script, and this is a once off - this
> may be quicker.

 

[Richard Mueller [MVP]]

The error you described is raised when the Set method cannot find the object
specified. With ADS_NAME_TYPE_NT4 the object name needs to be in the form:

Domain\ObjectName

where "Domain" is the NetBIOS name of the domain and "ObjectName" is the
NetBIOS name of the object. In you case, since the Common Name is
"Computer13", I would expect the NetBIOS name to be "Computer13", but this
does not have to be the case. Notice that when I retrieve the NetBIOS name
of the domain in the code, I stripped of the trailing backslash. I could
have left this on, but I always use this code to retrieve the NetBIOS domain
name. Then I need to append the "\" in the string I pass to the Set method
of the NameTranslate object. If you added:

Wscript.Echo strNetBIOSDomain
Wscript.Echo strComputer

You should have seen something like:

MyDomain
Computer13

Neither value should have had a backslash. If all appears fine, then the
only explanation I am aware of is that the NetBIOS name of the computer is
not Computer13.

One way to tell for sure is to use NameTranslate to convert the DN back to
the NT form of the name. From ADSI Edit, you know the DN of the object. The
code would be very similar:
===============
' Constants for the NameTranslate object.

Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the Distinguished Name of the computer.

' Watch line wrapping, this is one line.

strComputerDN = CN=Computer13,OU=General
Desktops,OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=<removed for
posting>,DC=local"



' Use the NameTranslate object to convert the Distinguished Name

' of the object to the NetBIOS name.

Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the RPC 1779 format of the object name.
objTrans.Set ADS_NAME_TYPE_1779, strComputerDN

' Use the Get method to retrieve the NT Name.
strNTName = objTrans.Get(ADS_NAME_TYPE_NT4)

Wscript.Echo strNTName

==============

The output should be similar to:



Domain\Computer13


--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


"Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+" <ameador1@hotmail.com>
wrote in message
news:1184503482.501858.280870@w3g2000hsg.googlegroups.com...
> Thanks! That finished it off. I don't doubt that the script should
> be fine - but it gives the exact error that is in the listed Microsoft
> KB article. "Computer13" is the netBIOS name for the computer in
> question - in fact here is the final distinguished name I pulled from
> ADSIEDIT:
>
> CN=Computer13,OU=General
> Desktops,OU=SBSComputers,OU=Computers,OU=MyBusiness,DC=<removed for
> posting>,DC=local
>
> So, being that all I had to do was plug in the computer name in the
> variable at the top of the script, there was nothing for me to mess-up
> on.
>
> Anyway - I have found what I was looking for thanks to you guys! I
> appreciate the help.
>
> We can continue to discuss the reason for the script not working
> for me, but I can take is to a scripting group since that is really
> now where this post is going since my original problem has been
> solved. Either way is fine.
>
> Again, thanks!
>
> On Jul 15, 2:45 am, verukins <veruk...@hotmail.com> wrote:
>> Script method is all fine, but if your having problems with that,
>> simply look at the "objectcreated" attribute in ADSIEDIT.
>>
>> If your having trouble with the script, and this is a once off - this
>> may be quicker.
>
>