?
Solved

NT domain accounts auditing

Posted on 2004-04-23
4
Medium Priority
?
370 Views
Last Modified: 2013-12-04
What is the best method of auditing NT domain accounts for disabled users or accounts that have not logged in for over 3 months on a NT4 PDC and BDC?
0
Comment
Question by:dvanmeter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Joseph_Moore
ID: 10904749
www.dameware.com

It is what I use. You can use Dameware to query your domain controllers (PDC and BDCs), and get the last login date from all of them. You see, if USERX authenticates one  day on a BDC, then the next day to the PDC, then each domain controller will have a different last login date. So, you need something that will talk to all domain controllers, and tell you the dates for each. Dameware does this, along with so many other things! I've used it for 4 years now, over 2 different employers, and it's great!
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 2000 total points
ID: 10906595
Create a \\YourServer\YourShare\UnUsedUserAccounts.vbs and run it with wscript.exe


On Error Resume Next

Dim oFile, output, sPC, sProgramNavn, sMsgBoxTitle, sDomain, sDays, sRefreshTime, sOldPc
Dim wshShell, oFso, oDomain
Dim bAdminName

      Set WshShell = WScript.CreateObject("WScript.Shell")
      Set oFso=CreateObject("Scripting.FileSystemObject")

      sProgramName="UnusedUserAccounts"
      output="C:\TEMP\" & sProgramName & ".txt"
      sMsgBoxTitle="Check for unused useraccounts"

      sDomain=InputBox("Input DomainName",sMsgBoxTitle,"YourDefaultDomainName")

      If sDomain="" Then
            MsgBox "DomainName missing - try again"
            wScript.Quit
      End If

      sDays=InputBox("Find UserAccounts in " & sDomain & ", who HASN't logged on for more that ... " & vbCrLf & vbCrLf & "Input number of days:",sMsgBoxTitle,"90")

      If sDays="" Then
            MsgBox "Number of days missing - try again."
            wScript.Quit
      End If

      Set oDomain = GetObject("WinNT://" & sDomain)

      If err.number<>0 Then
            MsgBox "ERROR: Can't connect to DomainName " & sDomain
            wScript.Quit
      End If
      
      Set oFile=oFso.CreateTextFile(output)

      oFile.WriteLine "UserAccounts in " & sDomain & ", who HASN't logged on for more than  " & sDays & " days." & vbCrLf
      oFile.WriteLine "Consider to remove them from UserManagerForDomains !!!" & vbCrLf  & vbCrLf
      oFile.WriteLine "LOGONNAME:" & vbTab & vbTab & "NUMBER OF DAYS:"
      oFile.WriteLine "----------" & vbTab & vbTab & "-----------"


      oDomain.Filter = Array("user")
      MsgBox "Press OK,  and wait a couple of minutes ..."

      
      For Each User in oDomain
            sRefreshTime = Now - User.LastLogin
            If CInt(sRefreshTime) >= CInt(sDays) Then
                  bAdminName = False            
                  If User.Name = "Administrator" Then bAdminName = True
                  If bAdminName = False Then Call WriteUser()
            End If                  
      Next

      oFile.WriteLine vbCrlf & vbCrlf
      oFile.WriteLine "Many Regards"
      oFile.WriteLine "IT-Department" & vbCrlf
      oFile.WriteLine sProgramNavn & ".vbs" & vbCrLf & "Date:  " & Now & vbCrLf & vbCrLF
      oFile.WriteLine "IMPORTANT: If there's DomainAdmins or ServiceLogonNames among this output, then contact"
      oFile.WriteLine "IT-Department - phone xxxxxxxxx"
      
      
      wScript.sleep 1000
      WshShell.Run ("%windir%\notepad " & output)

      wScript.sleep 1000
      WshShell.AppActivate "Notepad"

Set oDomain=Nothing
Set Shell=Nothing
Set wshShell=Nothing
Set oFso=Nothing
      
Wscript.Quit
      
      

Sub WriteUser()

      If Left(User.Name,3) <> sOldPc Then oFile.WriteLine ""
                  
      If Len(sDomain & "/" & User.Name) <= 15 Then
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & vbTab & CInt(sRefreshTime)
            Else                              
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & CInt(sRefreshTime)
      End If
      
      sOldPc = Left(User.Name,3)

End Sub
0
 

Author Comment

by:dvanmeter
ID: 11109510
excellent script, thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11112129
:o) Glad I could help you - thank you for the points
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question