Solved

NT domain accounts auditing

Posted on 2004-04-23
4
362 Views
Last Modified: 2013-12-04
What is the best method of auditing NT domain accounts for disabled users or accounts that have not logged in for over 3 months on a NT4 PDC and BDC?
0
Comment
Question by:dvanmeter
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Joseph_Moore
ID: 10904749
www.dameware.com

It is what I use. You can use Dameware to query your domain controllers (PDC and BDCs), and get the last login date from all of them. You see, if USERX authenticates one  day on a BDC, then the next day to the PDC, then each domain controller will have a different last login date. So, you need something that will talk to all domain controllers, and tell you the dates for each. Dameware does this, along with so many other things! I've used it for 4 years now, over 2 different employers, and it's great!
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10906595
Create a \\YourServer\YourShare\UnUsedUserAccounts.vbs and run it with wscript.exe


On Error Resume Next

Dim oFile, output, sPC, sProgramNavn, sMsgBoxTitle, sDomain, sDays, sRefreshTime, sOldPc
Dim wshShell, oFso, oDomain
Dim bAdminName

      Set WshShell = WScript.CreateObject("WScript.Shell")
      Set oFso=CreateObject("Scripting.FileSystemObject")

      sProgramName="UnusedUserAccounts"
      output="C:\TEMP\" & sProgramName & ".txt"
      sMsgBoxTitle="Check for unused useraccounts"

      sDomain=InputBox("Input DomainName",sMsgBoxTitle,"YourDefaultDomainName")

      If sDomain="" Then
            MsgBox "DomainName missing - try again"
            wScript.Quit
      End If

      sDays=InputBox("Find UserAccounts in " & sDomain & ", who HASN't logged on for more that ... " & vbCrLf & vbCrLf & "Input number of days:",sMsgBoxTitle,"90")

      If sDays="" Then
            MsgBox "Number of days missing - try again."
            wScript.Quit
      End If

      Set oDomain = GetObject("WinNT://" & sDomain)

      If err.number<>0 Then
            MsgBox "ERROR: Can't connect to DomainName " & sDomain
            wScript.Quit
      End If
      
      Set oFile=oFso.CreateTextFile(output)

      oFile.WriteLine "UserAccounts in " & sDomain & ", who HASN't logged on for more than  " & sDays & " days." & vbCrLf
      oFile.WriteLine "Consider to remove them from UserManagerForDomains !!!" & vbCrLf  & vbCrLf
      oFile.WriteLine "LOGONNAME:" & vbTab & vbTab & "NUMBER OF DAYS:"
      oFile.WriteLine "----------" & vbTab & vbTab & "-----------"


      oDomain.Filter = Array("user")
      MsgBox "Press OK,  and wait a couple of minutes ..."

      
      For Each User in oDomain
            sRefreshTime = Now - User.LastLogin
            If CInt(sRefreshTime) >= CInt(sDays) Then
                  bAdminName = False            
                  If User.Name = "Administrator" Then bAdminName = True
                  If bAdminName = False Then Call WriteUser()
            End If                  
      Next

      oFile.WriteLine vbCrlf & vbCrlf
      oFile.WriteLine "Many Regards"
      oFile.WriteLine "IT-Department" & vbCrlf
      oFile.WriteLine sProgramNavn & ".vbs" & vbCrLf & "Date:  " & Now & vbCrLf & vbCrLF
      oFile.WriteLine "IMPORTANT: If there's DomainAdmins or ServiceLogonNames among this output, then contact"
      oFile.WriteLine "IT-Department - phone xxxxxxxxx"
      
      
      wScript.sleep 1000
      WshShell.Run ("%windir%\notepad " & output)

      wScript.sleep 1000
      WshShell.AppActivate "Notepad"

Set oDomain=Nothing
Set Shell=Nothing
Set wshShell=Nothing
Set oFso=Nothing
      
Wscript.Quit
      
      

Sub WriteUser()

      If Left(User.Name,3) <> sOldPc Then oFile.WriteLine ""
                  
      If Len(sDomain & "/" & User.Name) <= 15 Then
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & vbTab & CInt(sRefreshTime)
            Else                              
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & CInt(sRefreshTime)
      End If
      
      sOldPc = Left(User.Name,3)

End Sub
0
 

Author Comment

by:dvanmeter
ID: 11109510
excellent script, thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11112129
:o) Glad I could help you - thank you for the points
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Security, hackers 10 119
Firewall -- detecting ex-owner activity ? 1 42
Determining & validating if my SSL certificate is using SHA-2 cipher ? 15 108
UAC Controls - confused 9 78
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now