Is there a clever way to find domain computers without sccm client installed?

What I've tried so far was running the following report, but that lists an insane amout of 452 systems, and I just can't believe we've got that many systems without clients. However the builtin report searching for clients assigned to a particular site and not reporting in is 453. So mayhaps it's true ? Is there a way to filter away ad computers that haven't had it's object 'modified' in months ? maybe by making a collection for it if it isn't already part of the sms database...
 
 

 select v_R_System.ResourceID,v_R_System.Name0 as [Computer Name],v_R_System.Resource_Domain_OR_Workgr0
from v_R_System inner join v_FullCollectionMembership on (v_FullCollectionMembership.ResourceID = v_R_System.ResourceID) 
where v_R_System.Client0 is null and v_FullCollectionMembership.CollectionID = @CollectionID
order by v_R_System.Name0
  
 

 
Sorry about the flood of questions, but there are many sccm things I don't know yet. 

Technically, this isn't so much a CM question... but what you are looking for is a way to get the information from Active Directory (last modified date) vs ConfigMgr's (probably last heartbeat). 
Honestly... I'm not sure if a CM report is the right place for that. You could potentially take that list of 453 machines, and then write up an LDAP query that takes that list of machines as an input list.  and have that LDAP query spit out results of the AD's 'last modified date'; that way, if the last modified date is newer than, say, the last month or two, then you know those are perhaps boxes you should hunt down. 
and the other ones, with a last modified date of 3+ months, then you'd likely want to look into why stale computer accounts aren't deleted from AD.
 
Honestly, though, most people start with AD.  joeware.net has a free script for showing you stale computers accounts, and optionally disabling them.  and then further optionally, if you are comfortable, deleting those disabled computer accounts.  So you could start with AD cleanup first, and then eventually (over months) as those computers are no longer discovered in AD by ConfigMgr, they'll age out of CM.
 
If you absolutely have no control whatsoever regarding computer accounts in AD, and you can't disable or remove them (that is a different person/department), then you may be interested in buying a 3rd party app, systemcentertools.com, which is smarter about what it discovers in AD.

Thanks for the swift reply. I think that'd be a viable route, but as you've already guessed I've not got much say in AD things. I'll suggest that they implement some sort of cleanup routine at the next meeting though. 
Having attended a powershell course last year I can probably write up something nice myself if I'm permitted :)
 
Anyway, you're indicating that those reports do correctly list systems that are in AD and don't have a client right? 

I can't tell you if your report is correct or not.
"It depends"
It depends on at least 2 to 5, maybe more, settings you have in ConfigMgr.  And then settings you have in AD. 
You're really the only one who could tell, by looking at samples from the returned data, to see if they really are active or not in AD, or active or not on the network.  I simply can't tell from that report without knowing 2-10 other parameters about your environment.  And no, I don't want to know those parameters... not when it would be dead easy to take 3 of those boxes, and check in AD and see how old they are.

You could just add the attribute "whenChanged" to your AD system dicovery and qurey or report on that.

I thought I read somewhere that "whenChanged" didn't report right into ConfigMgr?  Maybe that's old info in the back of my brain.  Have you done that successfully, Carl?  I might be thinking of obsolete info.

For stale AD Computers I'd be inclined to use password last set 
here is one of my vb scripts: http://ninet.org/2010/05/vbs-get-old-computer-accounts-from-ad/
You'll want to change the variable "intDays" to suit yourself. 
 
If you are using AD discovery then you could possibly add the password last set property to the AD details you collect and then create a report to look at that. 

Thanks, but I'll probably go with last modified, cause as a remnant of the past with deepfreeze, we're not certain that an old password means an inactive computer. 

Sorry just go back in. Yes last modified seems to work for me but it does record in milliseconds so if you a sql report you will need to use the convert command
here is a snippet from mine
select
Name0,convert(char(26),whenchanged,107)
from SMS_yourdatabse.dbo.v_r_system
 
That should clean it up to something like Feb 22, 2012
 
The "107" was just preference for my report but you choose another format like "1" or "109", "101" etc.. I think Microsoft has a list of all the formats.
 
 

No its readable its just kind of ran all together.

Thanks mate. I just wanted to report back. 
I managed to come up with the following, which works adequately. Had to learn the cast function first though. 
Put the Currently used client version and 90 days of age as default prompts. Works brilliantly. And nicked the code for the sms version count as input for the version prompt just for good measure :)
 

 select v_R_System.ResourceID,v_R_System.Name0 as [Computer Name],convert(char(26),v_R_System.whenchanged0,103) as [Object Modified], v_R_System.Client_Version0 as [Client Version],v_R_System.Resource_Domain_OR_Workgr0 as [Domain],v_RA_System_SMSAssignedSites.SMS_Assigned_Sites0 as [Site]from v_R_System join v_RA_System_SMSAssignedSites on v_R_System.ResourceID = v_RA_System_SMSAssignedSites.ResourceIDinner join v_FullCollectionMembership on (v_FullCollectionMembership.ResourceID = v_R_System.ResourceID) 
where v_FullCollectionMembership.CollectionID = @CollectionID and v_R_System.Client_Version0 not like @ClientVersion and (DateDiff(day, v_R_System.whenChanged0, GetDate()) < cast(@SystemAge AS int))
order by v_R_System.Name0