I've done up another version of the audit_windows script.
If a PC is attempted to audit but it cannot be contacted (or firewall is on or whatever), assuming the PC is on a domain, the audit script asks the domain for any information it can give about the PC. This is designed to be called from the audit_domain script, but for testing we can call it directly.
To test, could I ask you run the attached script against a machine you know is not powered on and that is joined to the same domain as your PC.
The debug level is set to 2, so you should see some useful output. It will NOT attempt to send the data to the audit server.
Items of note are:
ldap = ""
This should normally be left as is. If an ldap variable is passed via the command line, this will be used. If it is not, the local ldap settings will be used. Normally the ldap attribute will be passed by the audit_domain script.
No need to set this for testing.
ldap_seen_days = "0"
You can set this to only return info from AD if a system has been seen by AD in the last XX days. IE - we have systems that are in AD but have been disposed of and not seen by AD in years (don't ask). We don't care about these, but they will be returned by the audit_domain script.
ldap_seen_date = "2000-01-01"
This is very similar to the attribute above. If the system has been seen by AD since this date then it will be returned. If it has not been seen, no AD details are returned.
So, to test simply run "cscript audit_windows.vbs COMPUTERNAME" against a computer that is on the domain, but turned off. You should see the XML dumped to the console. This contains useful (by extremely limited) taken from Active Directory.
You can also try altering the ldap_seen_ attributes and see if it returns as expected.
This particular feature is useful when you have systems that are on and off the network (think laptops) and that don't have logon scripts.
Anyway, have at it and post your comments (fingers crossed)!