      I am working on trying to ensure my LANDesk database stays in sync with my Active Directory computer objects. Currently our process for retiring machines requires the technicians to delete the Active Directory computer object, and then go into LANDesk and remove the associated computer object.


      I know that you can set the server to automatically delete objects after x days, but due to our installation being very new and our management gateway not being completely configured, we don't want to delete LANDesk computer objects that might still be active machines, but just don't connect to our VPN consistently enough to do an inventory scan.


      Is it possible that, when we delete the Active Directory object, a maintenance task simply scans Active Directory to retrieve the current list of computers, then compares it to the inventories in the database and deletes machines that don't have an Active Directory computer object? I am guessing that a script would work for this task, but if it is possible without having to script something, that would be even better.

          Peter Massa Expert

          I know you didn't want to script something - but use this simple PowerShell script to do it that I made -




          # Configuration (placeholder values; replace with your own)
          $corename       = "mycoreserver"          # LANDesk core server hostname (placeholder)
          $serviceaccount = "myusername"
          $password       = "mypassword"
          $cachelocation  = "C:\path\adcache.txt"   # cache of the last AD scan (placeholder path)

          Import-Module ActiveDirectory   # provides Get-ADComputer

          # Use these two lines to include credentials in script by replacing mypassword and myusername.
          $secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
          $mycreds = New-Object System.Management.Automation.PSCredential ($serviceaccount, $secpasswd)

          # Use the Get-Credential line to prompt for credentials when you manually run it
          #$mycreds = Get-Credential -Credential "myusername"
          #New-Object System.Management.Automation.PSCredential ("myusername", $secpasswd)

          # Create Web Service
          $LMWS = New-WebServiceProxy -Uri "http://$corename/mbsdkservice/msgsdk.asmx?WSDL" -Credential $mycreds

          # Function to remove devices by their hostname from LD.  Put all available FQDNs below.
          function deleteComputerFromLD {param([string]$name)
              # Write name being removed to console
              Write-Host "Removing $name from LANDesk"
              # Remove from LD (add one call per FQDN form your devices use)
              $LMWS.DeleteComputerByIPName($name)
          }

          # Get all computers in AD currently
          $arrComputers = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name

          # First run: seed the cache so there is nothing to compare yet
          if (-not (Test-Path $cachelocation)) { $arrComputers | Out-File $cachelocation }

          # Get all computers in AD cache from last scan
          $arrCacheComputers = Get-Content $cachelocation

          # Remove any computer no longer in AD from LANDesk
          Compare-Object $arrCacheComputers $arrComputers | Where-Object {$_.SideIndicator -eq "<="} | ForEach-Object {deleteComputerFromLD $_.InputObject}

          # Update cache
          $arrComputers | Out-File $cachelocation






          Schedule this script on your core or another server using this command in your scheduled task:

          Start a program: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

          Parameters: -file "C:\path\adldsync.ps1"




          - You will need an AD read-only account to schedule the task under.

          - You will need a local/AD service account that has the all devices scope and the ability to delete computers from inventory that you will hard code into this script.



          *Note - this has only been tested on 9.5.2 - but should work with any version of LANDesk that supports the DeleteComputerByIPName web service function.
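
A hardened variant of the cache-diff step above, added here as an example and not part of the original post: it loads the service-account credential from a DPAPI-protected file instead of a hard-coded password, refuses to act on an empty AD result, caps deletions per run, and deletes only when `-Apply` is given. The paths, the `$MaxDeletes` threshold, the `Get-StaleComputer` helper and an HTTPS binding on the core are assumptions.

```powershell
# Added example (not the original poster's code). All default values are placeholders.
# Assumes the credential file was created once, as the scheduled task's account, with:
#   Get-Credential | Export-Clixml C:\path\ldsvc.cred.xml
param(
    [string]$CoreName      = 'mycoreserver',            # placeholder core hostname
    [string]$CacheLocation = 'C:\path\adcache.txt',     # placeholder cache path
    [string]$CredFile      = 'C:\path\ldsvc.cred.xml',  # placeholder credential file
    [int]   $MaxDeletes    = 25,                        # assumed per-run safety limit
    [switch]$Apply                                      # without -Apply, report only
)
$ErrorActionPreference = 'Stop'   # a failed query or delete aborts before the cache is rewritten

function Get-StaleComputer {
    # Names in the previous AD snapshot that are missing from the current one.
    param([string[]]$Cached, [string[]]$Current)
    if (-not $Current) {
        throw 'Current AD list is empty; refusing to treat every cached machine as retired.'
    }
    @($Cached) | Where-Object { $_ -and ($Current -notcontains $_) }
}

Import-Module ActiveDirectory
$current = @(Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
$cached  = if (Test-Path $CacheLocation) { @(Get-Content $CacheLocation) } else { @() }
$stale   = @(Get-StaleComputer -Cached $cached -Current $current)

if ($stale.Count -gt $MaxDeletes) {
    throw "$($stale.Count) pending deletions exceed the limit of $MaxDeletes; review manually."
}
if (-not $Apply) {
    # Dry run: list candidates and leave the cache untouched.
    $stale | ForEach-Object { "Would remove $_" }
    return
}
if ($stale.Count -gt 0) {
    # Export-Clixml encrypts the password with DPAPI for the exporting user on that machine.
    $cred = Import-Clixml $CredFile
    $ws   = New-WebServiceProxy -Uri "https://$CoreName/mbsdkservice/msgsdk.asmx?WSDL" -Credential $cred
    foreach ($name in $stale) {
        Write-Output "Removing $name from LANDesk"
        $null = $ws.DeleteComputerByIPName($name)
    }
}
# Update the cache only after every delete call returned without an exception.
$current | Set-Content $CacheLocation
```

Run it once without `-Apply` to review the candidate list, then add `-Apply` to the scheduled task parameters.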



