3

So, I have a list of 5000 computers on my Windows Active Directory network that may or may not still exist (I know, don't ask...I need to know for a project, and of course little help from the network people, and so many errors in the data they give me)

The computer names fall within SAT1 to SAT5000. However, some of them may have been upgraded to a new OS and renamed. so in this case i would like to detect the new name as well.

I wonder if someone might have a script that would, given a text file containing a list of computer names, for each: 1. ping the computer to check for existence (yes, it must be on, I know)
2. after receiving the ip from the 1st ping, do a ping -a to get a hostname
3. write the results out to a text file

(Even better...is it possible to somehow split the initial file into mutliples, and spawn several batch files to run concurrently, to get down the slowness of synchronously pinging 5000 machines??)

Update

This article seems to be somewhat related to what I am looking for: http://www.enterpriseitplanet.com/networking/features/article.php/1571771

Update 2

This is what I ended up with:

@echo off
rem del output.txt
rem Loop thru list of computer names in file specified on command-line

for /f %%i in (%1) do call :check_machine %%i
goto end

:check_machine

rem Check to see if machine is up.
echo %1
ping -n 2 %1 >NUL 2>NUL
if errorlevel 1 goto down

rem Reverse-lookup machine name and report
  for /f "usebackq tokens=2,3" %%d in (`ping -n 1 -a %1 ^| find "Pinging "`) do echo %1, %%d,%%e >> output.txt
goto end

:down
  rem Report machine down
  echo %1 >> output.txt

:end

And output is in this format:

SAT10 
SAT1209 
SAT601, CGY2601.na.sat.com,[110.3.111.70] 
SAT3592, CGY3592.na.sat.com,[110.0.237.45]

If you split the computers list into mutliple smaller files, you can ping asynchronously like so:

del output.txt
start MassPing.cmd Computers1.txt
start MassPing.cmd Computers2.txt
start MassPing.cmd Computers3.txt
start MassPing.cmd Computers4.txt
start MassPing.cmd Computers5.txt
start MassPing.cmd Computers6.txt
tbone
  • 436
  • 3
  • 8
  • 17

7 Answers7

7

Here's a batch file for you:

@echo off
rem Loop thru list of computer names specified on command-line
for /f %%i in (%1) do call :check_machine %%i
goto end

:check_machine

rem Check to see if machine is up.
ping -n 2 %1 >NUL 2>NUL
if errorlevel 1 goto down

rem Reverse-lookup machine name and report
for /f "usebackq tokens=2" %%d in (`ping -n 1 -a %1 ^| find "Pinging"`) do echo %1:Up:%%d
goto end

:down
rem Report machine down
echo %1:Down

:end

Pass it a text file with a list of computer names in it and it'll PING them (2 tries-- you can increase that by increasing the number after "-n" on the 1st PING command-line), and if it gets a response, perform a reverse-lookup of the name. It returns results as:

computer-name-1:Up:name-it-resolved-to
computer-name-2:Down
computer-name-3:Up:name-it-resolved-to
...

To run multiple in parallel, just make multiple text files w/ different lists of machine names and launch a few copies in parallel.

Quick and dirty saves the day.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
4

Do you really need to ping? The computer account will automatically change its password every 30 days. On a 200/2003/2008 functional level you can use dsquery computer -stalepwd X where X is the number of days since the last password change. This process is usually automated by moving the computer accounts that respond to this to an "OLD" OU and then after an additional 30-90 days they are automatically deleted if the password still has not changed.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • +1 or use "dsquery computer -inactive 4 -limit 0" to see computers which haven't been on in 4 weeks. – Doug Luxem Nov 17 '09 at 02:42
  • +1 - This is what I would do, too. Having said that, I couldn't resist cobbling together a batch file. – Evan Anderson Nov 17 '09 at 02:43
  • 1
    Woah, I got a +1 from EA. I feel like a real SFer now :) – MDMarra Nov 17 '09 at 02:47
  • @DLux, he doesn't say what functional level his domain is. -inactive is probably as good of a choice, except that it is only supported on a 2003/2008 functional level, unless I am mistaken. – MDMarra Nov 17 '09 at 02:48
  • Unless I misunderstand, I don't think this will work for me because of the 30 day delay...by pinging, I can discover all computer names today (if turned on). The death of an old computer name (due to an OS upgrade and rename) wouldn't show up for 30 days by this method, isn't that correct? – tbone Nov 17 '09 at 17:39
  • That's correct. In a large AD environment, usually it is bad to delete computer accounts right away. A 30 day lead time on object deletion is more than acceptable to me (I don't know your situation). The alternative being accidentally deleting an account and having to have someone go rejoin the computer, place it in the right OU, etc etc. I always tend to err on the side of caution. We actually use a 180 day -stalepwd, because I work for a university and some adjuct offices aren't used every semester which gives the illusion that the computers are dead when theyre really jsut inactive. – MDMarra Nov 17 '09 at 20:12
  • In an environment of 5000 objects, the dsquery will likely be much more accurate than expecting everything to be on and respond to a ping – MDMarra Nov 17 '09 at 20:14
  • For my particular situation, despite the drawback of the computer having to be on, Evan's answer was more applicable. Your answer may work better for someone in a different situation than mine. – tbone Nov 18 '09 at 21:39
3

You can also use nmap for scanning:

nmap -sn -PE -oG scan.txt 192.168.1.1 192.168.2.0/24

Quoting from the man page:

-sn: Ping Scan - disable port scan
   The default host discovery done with -sn consists of an ICMP echo request,
   TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request
   by default.

-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
   and Grepable format, respectively, to the given filename.

-PE; -PP; -PM (ICMP Ping Types) .
   In addition to the unusual TCP, UDP and SCTP host discovery types discussed
   previously, Nmap can send the standard packets sent by the ubiquitous ping
   program. Nmap sends an ICMP type 8 (echo request) packet to the target IP
   addresses, expecting a type 0 (echo reply) in return from available hosts.
   [...] Use the -PE option to enable this echo request behavior.

scan.txt will look something like this:

# Nmap 5.50 scan initiated Fri Aug 19 17:59:59 2011 as: nmap -vv -sn -PE -oG /tmp/scan.txt  192.168.1.1 192.168.2.0/24
# Ports scanned: TCP(0;) UDP(0;) SCTP(0;) PROTOCOLS(0;)

Host: 192.168.1.1 ()    Status: Down
Host: 192.168.2.0 (www.dummy.example.org)   Status: Up
Host: 192.168.2.1 (www.foo.example.org) Status: Down
...
# Nmap done at Fri Aug 19 18:03:26 2011 -- NNN IP addresses (1 host up) scanned in 4.02 seconds
Cristian Ciupitu
  • 6,226
  • 2
  • 41
  • 55
1

I had a similar need to do this for several thousand computers and developed a PowerShell script to take care of it. This script runs multiple background jobs concurrently to speed up the ping process and can optionally do a DnsLookup to lookup IP Address and Fully qualified domain name. Performance will vary depending on how many timeouts are encountered, but I have had the script complete for 12,000+ hosts in as little as 15 minutes.

The script is too big to post here, but you can see (and download) it here:

http://poshtips.com/2011/03/28/bgping-a-high-performance-bulk-ping-utility/

xb90
  • 11
  • 1
1

Another method that may work for you is to get the "Network Guys" to spit out the DHCP server leases. Pinging 5000 computers will take a while.

Dayton Brown
  • 1,549
  • 2
  • 13
  • 23
  • Not if you use nmap. :) – Gerald Combs Nov 17 '09 at 16:27
  • I agree this is a good way. In a Win2k3 dhcp server, it's a case of right clicking in the leases table and doinf export list. Done. Or you could achieve the same thing in the netsh. – simon Dec 09 '10 at 00:47
0

what you are trying to do is way wrong my friend.

first off the problem you have has a root, and that root is in Active Directory. so make sure that aging is set properly, and that the dns records are set to be scavenge properly.

than getba list with all of you ip,s in the dns and ping them acainst you Active Directory.

if ip is unknown than pc is dead, you can disable it.

that is the hard way.

the easy way is tough:

run this in command prompt but make sure you are domain admin and have the windows support tools installed into your version of windows. You cand download them from microsoft web site or install them from any windows xp or server 2003 depending what os you are running on.

dsquery computer last logon

probably you would want something like dsquery computer last logon > c:\deadpc.txt now before you go all forensic with that go with this one. dsquery computer -disabled > c:\disabledpc.txt clean those ones first

after you got most of them out of the way, you might want to check for duplicate SID

0

This is perhaps not quite what you had in mind but one tool I use for such purposes is Networkview. It will reveal more than you are asking for and will cost a few dollars but is well worth the price. For a one-off you could just use it in evaluation mode.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108