cawasaki

Export disabled user accounts after 45 days from my AD 2003

Hi,

I have an AD 2003 and I need a script or command to export all disabled user accounts.

I need to get only users disabled for 45 days and export them to a CSV or TXT file.

Thanks for the help.
netballi

Hello,
The following should do the trick:

dsquery user -disabled -limit 0 | dsget user -samid > disabledusers.csv
cawasaki

ASKER

OK, it is the correct command, but it exports all disabled accounts.

1- I need only accounts disabled since 45 days

2- The users export must be in the distinguishedName attribute

Thanks
For the date, maybe I can use the whenChanged attribute?
Hi msabry06,

OK, good link, but the script does not work for me and I need to get the disabled users in the last 20 days.

thanks
Another way you could do it is using adfind by MVP Joe Richards

http://www.joeware.net/freetools/tools/adfind/index.htm

The date format is stored in AD as a 64 bit integer.  You would need the hours and minutes to know the exact time of change.  More on the date format here
http://blog.scottlowe.org/2006/10/11/finding-recently-created-active-directory-accounts/

So one example is suppose you want to track disabled accounts that were changed after Oct 1, 2011

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(useraccountcontrol:AND:=2)(whenchanged>=20111001000000.0Z)" samaccountname whenchanged -tdcas
 
Thanks
Mike
OK, but this command does not get disabled accounts only?
The disabling date is not stored on the account. You may search for the last modified date, but this can also be a change that was not the disabling.

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" -attr distinguishedName whenChanged
Hi msabry06,

Good command, can you just add an export to a CSV file for me?

thanks
Here is a script to list all users. Try this first; I will check the condition to check if the user is disabled.

SET objRootDSE = GETOBJECT("LDAP://RootDSE") 
strExportFile = "C:\temp\MyExport.xls"  
 
strRoot = objRootDSE.GET("DefaultNamingContext") 
strfilter = "(&(objectCategory=Person)(objectClass=User))" 
strAttributes = "sAMAccountName,userPrincipalName,givenName,sn," & _ 
                                "initials,displayName,physicalDeliveryOfficeName," & _ 
                                "telephoneNumber,mail,wWWHomePage,profilePath," & _ 
                                "scriptPath,homeDirectory,homeDrive,title,department," & _ 
                                "company,manager,homePhone,pager,mobile," & _ 
                                "facsimileTelephoneNumber,ipphone,info," & _ 
                                "streetAddress,postOfficeBox,l,st,postalCode,c" 
strScope = "subtree" 
SET cn = CREATEOBJECT("ADODB.Connection") 
SET cmd = CREATEOBJECT("ADODB.Command") 
cn.Provider = "ADsDSOObject" 
cn.Open "Active Directory Provider" 
cmd.ActiveConnection = cn 
 
cmd.Properties("Page Size") = 1000 
 
cmd.commandtext = "<LDAP://" & strRoot & ">;" & strFilter & ";" & _ 
                                   strAttributes & ";" & strScope 
 
SET rs = cmd.EXECUTE 
 
SET objExcel = CREATEOBJECT("Excel.Application") 
SET objWB = objExcel.Workbooks.Add 
SET objSheet = objWB.Worksheets(1) 
 
FOR i = 0 To rs.Fields.Count - 1 
                objSheet.Cells(1, i + 1).Value = rs.Fields(i).Name 
                objSheet.Cells(1, i + 1).Font.Bold = TRUE 
NEXT 
 
objSheet.Range("A2").CopyFromRecordset(rs) 
objWB.SaveAs(strExportFile) 
 
 
rs.close 
cn.close 
SET objSheet = NOTHING 
SET objWB =  NOTHING 
objExcel.Quit() 
SET objExcel = NOTHING 
 
Wscript.echo "Script Finished..Please See " & strExportFile

Do you just want disabled users with the adfind?

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(useraccountcontrol:AND:=2)" samaccountname whenchanged -tdcas -csv > c:\users.csv

Thanks

Mike
OK, the problem is to get disabled users, but not all of them, just users disabled before 20 days.

So I need only disabled users where the whenChanged attribute is =< 20 days compared with today's date.

Sorry for my English :)
Please try this VBS script and post the results:

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;(&(objectCategory=User)" & _
        "(userAccountControl:1.2.840.113556.1.4.803:=2));Name;Subtree"  
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop

To export the result to CSV, use the command below:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" -attr distinguishedName whenChanged >d:\listusers.csv
This script shows me every disabled user in a window!

I have tried it in an AD with only 5 disabled users!
Did you notice the line:

"<LDAP://dc=fabrikam,dc=com>

//dc=your DC,dc=com or local depends on your DC Name
Yes, your script works, but it shows every disabled user in a different window.

Your script doesn't use the whenChanged attribute to calculate accounts disabled in 20 days.
You need to show users with a disabled lifetime = 20 days??
Yes Jordinet
Hello,

To retrieve the whenChanged value for all disabled users:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" -attr distinguishedName whenChanged

As noted by others, the whenChanged attribute is the date/time of the last change made to the object. This could be when the account was disabled, unless any changes have since been made.
Also, if you need specified dates, the following example is for the past 20 days.

You can use an LDAP filter to find all disabled users, where the whenChanged attribute is greater than or equal to a date 20 days in the past. For example:

 

Get-ADUser -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=2)(whenChanged>=20111208000000.0Z))" -searchbase "ou=NAME,dc=DC,dc=DC,dc=com" | select sAMAccountName > c:\list_disabled_users.txt

-----
netballi, it's PowerShell with a Quest command; does it work in 2003 AD?

And I need to get the date automatically because I need to schedule this.

whenChanged>=20111208000000.0Z=can you modify this to get the date<?

thanks

Hello,

This should help.

Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-90) |sort whenchanged  | ft name,whenchanged -a | export-Csv "C:\details.csv"

netballi,

The result in the CSV file is in this form:

"27c87ef9bbda4f709f6b4002fa4ac....",,,,,

???
Please see this site; it's great and has all the scripts required for AD scripting, including getting disabled accounts. You can look at it and rebuild your script.

http://www.activxperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/users/

Wishing you good luck.
Did the adfind command not work?

Thanks

Mike
Hi mkline71,

I have not tested it because I need to filter disabled accounts by the "whenChanged" date attribute.

The age of the disabled account must = 20 days.
You can do that

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(useraccountcontrol:AND:=2)(whenchanged>=20111001000000.0Z)" samaccountname whenchanged -tdcas -csv  > c:\users.csv

Just modify the date for whenchanged

Thanks

Mike
Yes, but this command has a manually defined date; I need it to get the date automatically because I need to schedule it :)
Hello,

Just run

Hello,

This should help.

Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-90) |sort whenchanged  | ft name,whenchanged -a

and see if the onscreen result makes any sense.
You should be able to just use dumpsec, export to csv, and filter.
Building on netballi's suggestion, which worked for me, but you have to import the modules first.  I added a line to export the results to a csv to the root of c.

Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-90) |sort whenchanged  | ft name,whenchanged -a | export-csv c:\adusers.csv
Brian, result of command:

The CSV file contains the result in this form:


"27c87ef9bbda4f709f6b4002fac",,,,,
"27c87ef9bbda4f709f6b4004af63c",,,,,
"27c87ef9bbda4f709f62fa4af63c",,,,,

????
@cawasaki

Again, what is the problem with this command?

To export the result to CSV, use the command below:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" -attr distinguishedName whenChanged >d:\listusers.csv
Hi msabry06,

Your command works, but it exports all disabled users. I need to get only disabled users whose whenChanged date is 20 days older than the actual date.

The command must get the date and only show, for example, the disabled users whose whenChanged date is 12/09/11. The date today is 12/29/11.

thanks
urgh....ok...download powergui, run this cmd, and you can copy the results and paste it into excel.


http://www.powergui.org/downloads.jspa


Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-90) |sort whenchanged  | ft name,whenchanged -a
Hi brian,

-LastChangedAfter (Get-Date).AddDays(-90): OK, it gets the correct date, but you do not compare it with the whenChanged value.

Your command exports all disabled users and sorts them by date!
OK, sorry, I may have misunderstood. What exactly do you need it to do?
I need to delete accounts disabled 20 days ago, so the script must export the disabled accounts whose whenChanged date is 20 days ago! The script must compare with the actual date because I need to schedule it :).

I have another script to delete these accounts from a CSV.
k.....stay tuned... :)
but just to be clear......

you want to find user accounts that have been disabled for at least 20 days....

when you say actual date, do you mean today's date?
Yes, today's date, for example:

user1 is disabled and has a whenChanged date of 12/10/2012
user2 is disabled and has a whenChanged date of 12/22/2012

Today's date is 12/30/2012.

The script must export only user1.

thanks
got cha...researching now
ASKER CERTIFIED SOLUTION
BrianRB

This solution is only available to members.
be sure to import modules
Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-90) |sort whenchanged  | ft name,whenchanged -a

Get-QADUser -Disabled -SizeLimit 0 -ErrorAction SilentlyContinue -LastChangedAfter (Get-Date).AddDays(-20) |sort whenchanged  | ft name,whenchanged | Out-File c:\blah.csv


same command :)
ok, so remind me again, what does that not get you or what happens when you execute it?
OK, I executed it; it exports disabled accounts between 12/12/2011 14:57:12 and 29/12/2011 09:56:35.

I need accounts disabled before 20 days.
ok, so it needs to be 20 days before the past 20 days then...not within?  why not use autofilter in excel?
Yes, not using Excel because:

1-need to schedule it
2-have a second scheduled script to delete this user

:) thanks for help
any help plz
SOLUTION
This solution is only available to members.
Hi Ken,

I will test and report.

thanks
Thanks Ken and Brian :)

Ken, your solution works.
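
Added example, not code from any participant in the thread: one way to compute the cutoff automatically for a scheduled run and export only disabled users whose whenChanged is at least 20 days old. It uses .NET's DirectorySearcher, so neither the AD module nor the Quest cmdlets are needed. The parameter names, the default output path and the 20-day default are assumptions.

```powershell
# Added example: export the DNs of disabled users whose whenChanged value is
# at least $MinAgeDays old. Uses only System.DirectoryServices.
param(
    [int]$MinAgeDays = 20,                            # assumption: threshold discussed in the thread
    [string]$OutFile = 'C:\temp\disabled_users.csv'   # hypothetical output path
)

# LDAP generalized time in UTC, the same format as 20111001000000.0Z above.
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$MinAgeDays)
$stamp  = $cutoff.ToString("yyyyMMddHHmmss'.0Z'")

# Disabled user objects (userAccountControl bit 2) last modified on or
# before the cutoff: "<=" selects the old accounts, ">=" the recent ones.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(userAccountControl:1.2.840.113556.1.4.803:=2)" +
          "(whenChanged<=$stamp))"

# With no explicit search root, the searcher binds to the current domain.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = $filter
$searcher.PageSize = 1000     # paged search, so more than 1000 results are returned
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('whenChanged')

$results = $searcher.FindAll()
$rows = @(foreach ($r in $results) {
    # Result property names are stored in lower case.
    New-Object PSObject -Property @{
        distinguishedName = $r.Properties['distinguishedname'][0]
        whenChanged       = $r.Properties['whenchanged'][0]
    }
})
$results.Dispose()

# Select-Object, not Format-Table: Export-Csv needs the data objects.
# Format-Table emits formatting records, which is what produces CSV rows
# like "27c87ef9...",,,,, seen earlier in the thread.
$rows | Select-Object distinguishedName, whenChanged |
    Sort-Object whenChanged |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Because whenChanged moves forward on any later edit to the object, an account disabled long ago but modified recently will be missing from the output; review the CSV before handing it to a scheduled deletion job.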