This could be PEMBAK
Here is the command I am running
"C:\Program Files\SBAdmin\sbadmcl" -adminuser:%AdminUser% %AdminAuth% %DatabaseString% -command:ShowOldMachines -Group:%OldMachineGroup% -CheckForSeq:Yes -DaysOld:%MachineDaysOld% -OutputFile:"C:\Temp\OldMachines.txt"
As I run it, it certainly highlights the old machines, and places them into the output file. However, for machines that are definitely in Sequence, it seems to ignore that fact, and does nothing with them. I have one host, that has 28 records,and this machine a single machine group. When I run the command, it runs through the object and says “no audit information found” or something to that effect, but it doesn’t label them as in sequence. The machine in this example, has machine name then 0001 => 0027 without any breaks in the sequencing, so a perfect candidate. Anyone else actually have -CheckforSeq working? I tried searching for some threads in the community, but didnt uncover anything.
CheersMessage was edited by: 77larsson on 12/7/09 8:54:04 AM CST
Solved! Go to Solution.
Why don't we go after root cause here and figure out why you are getting duplicate objects in the first place? This is probably an architecture problem - the machines don't have a good enough connection to the server to sustain a sync during activation. So you should simplify your package (making the activation sync take less time/bandwidth), consider offline installs, or modify your architecture.
Also, one scriptable workaround would be to do this:
You can script all of this with the dumpmachineaudit, movemachine and deletemachine commands. The only trick is between steps 4 and 5. You need to make the delete relative to the time the machine was moved (i.e. +30 days from when the machine landed in the new group). You might be able to do this by adding a timestamp to the machine name (using the rename machine command), then filter your deletes based on the machine name. Rename the machine when it gets moved, and then tell your delete command to only delete machines with a timestamp that is at least 30 days before today.
I have seen the same issue, and been unable to program a way out of it. (I have 8 scheduled tasks to clean up the SB 5.1.8 server/db). Right now, finding duplicates is a manual process, so it just doesn't happen very often. There's something about not having an audit trail, that causes the sbadmcl to not find old machines, either.
Great - so I'm not a complete lemming! Someone else noticed it too 🙂
I know it is actually trying to do something, because when i change the checkforseq from Yes to No, the script runs 10 times faster. I have tried to move the place in the script it executes, but to no avail.
The 'no audit information' I believe is the safe option. Although it would be nice to create a custom script to override that. The Check for Sqe is really impt for me as I have thouands of dups and it's really a royal pain doing it manually as you have been. I have better things to be doing on a Saturday night, I'm sure you are of the same opinion!
thx for the response.
My memory is a bit fuzzy on this one, but I think -check for seq only works if the machine has an entry in its audit log. So if you have a bunch of duplicate machines with no audit events, then they get skipped or ignored. You'd have to test to confirm this.
How would one force a client to create another db object Dan? Mostly, it's autodomain doing it here, and there are never any seq events... I'd really like to use the "desc" field instead of the audit log?
Something like - if sequence found (ignore audit log) and desc is set to 'not encrypted' then delete.
How did you arrive with "thousands" of duplicate machine objects?
You could clean inactive ones (no audit) if they were created long time ago. With precautions taken, of course.
yes, it requires the audit to be non-overlapping, and there to be audit.
it's not designed to capture the case of a lot of machine templates, only the real case of a refreshed machine.
Wow - I am going to have carpal tunnel syndrome by the time I am done here. Hopefully with a SQL back end it'll be prettier? Please oh please say it will?
Thanks for the feedback everyone.
You can start playing with EEv6 (was released to world few days ago) to get a feel for that "SQL" easyness...
Speaking of which, what is the querry to get EE user failed login attempts info? Oops, that question should be in new discussion thread...
just dump the audit for all users and all groups for that event and you'll get that - or use the report generator to do the same. Getting the failed attempt list is easy.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center