Solved

NT domain accounts auditing

Posted on 2004-04-23
4
368 Views
Last Modified: 2013-12-04
What is the best method of auditing NT domain accounts for disabled users or accounts that have not logged in for over 3 months on a NT4 PDC and BDC?
0
Comment
Question by:dvanmeter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Joseph_Moore
ID: 10904749
www.dameware.com

It is what I use. You can use Dameware to query your domain controllers (PDC and BDCs), and get the last login date from all of them. You see, if USERX authenticates one  day on a BDC, then the next day to the PDC, then each domain controller will have a different last login date. So, you need something that will talk to all domain controllers, and tell you the dates for each. Dameware does this, along with so many other things! I've used it for 4 years now, over 2 different employers, and it's great!
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10906595
Create a \\YourServer\YourShare\UnUsedUserAccounts.vbs and run it with wscript.exe


On Error Resume Next

Dim oFile, output, sPC, sProgramNavn, sMsgBoxTitle, sDomain, sDays, sRefreshTime, sOldPc
Dim wshShell, oFso, oDomain
Dim bAdminName

      Set WshShell = WScript.CreateObject("WScript.Shell")
      Set oFso=CreateObject("Scripting.FileSystemObject")

      sProgramName="UnusedUserAccounts"
      output="C:\TEMP\" & sProgramName & ".txt"
      sMsgBoxTitle="Check for unused useraccounts"

      sDomain=InputBox("Input DomainName",sMsgBoxTitle,"YourDefaultDomainName")

      If sDomain="" Then
            MsgBox "DomainName missing - try again"
            wScript.Quit
      End If

      sDays=InputBox("Find UserAccounts in " & sDomain & ", who HASN't logged on for more that ... " & vbCrLf & vbCrLf & "Input number of days:",sMsgBoxTitle,"90")

      If sDays="" Then
            MsgBox "Number of days missing - try again."
            wScript.Quit
      End If

      Set oDomain = GetObject("WinNT://" & sDomain)

      If err.number<>0 Then
            MsgBox "ERROR: Can't connect to DomainName " & sDomain
            wScript.Quit
      End If
      
      Set oFile=oFso.CreateTextFile(output)

      oFile.WriteLine "UserAccounts in " & sDomain & ", who HASN't logged on for more than  " & sDays & " days." & vbCrLf
      oFile.WriteLine "Consider to remove them from UserManagerForDomains !!!" & vbCrLf  & vbCrLf
      oFile.WriteLine "LOGONNAME:" & vbTab & vbTab & "NUMBER OF DAYS:"
      oFile.WriteLine "----------" & vbTab & vbTab & "-----------"


      oDomain.Filter = Array("user")
      MsgBox "Press OK,  and wait a couple of minutes ..."

      
      For Each User in oDomain
            sRefreshTime = Now - User.LastLogin
            If CInt(sRefreshTime) >= CInt(sDays) Then
                  bAdminName = False            
                  If User.Name = "Administrator" Then bAdminName = True
                  If bAdminName = False Then Call WriteUser()
            End If                  
      Next

      oFile.WriteLine vbCrlf & vbCrlf
      oFile.WriteLine "Many Regards"
      oFile.WriteLine "IT-Department" & vbCrlf
      oFile.WriteLine sProgramNavn & ".vbs" & vbCrLf & "Date:  " & Now & vbCrLf & vbCrLF
      oFile.WriteLine "IMPORTANT: If there's DomainAdmins or ServiceLogonNames among this output, then contact"
      oFile.WriteLine "IT-Department - phone xxxxxxxxx"
      
      
      wScript.sleep 1000
      WshShell.Run ("%windir%\notepad " & output)

      wScript.sleep 1000
      WshShell.AppActivate "Notepad"

Set oDomain=Nothing
Set Shell=Nothing
Set wshShell=Nothing
Set oFso=Nothing
      
Wscript.Quit
      
      

Sub WriteUser()

      If Left(User.Name,3) <> sOldPc Then oFile.WriteLine ""
                  
      If Len(sDomain & "/" & User.Name) <= 15 Then
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & vbTab & CInt(sRefreshTime)
            Else                              
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & CInt(sRefreshTime)
      End If
      
      sOldPc = Left(User.Name,3)

End Sub
0
 

Author Comment

by:dvanmeter
ID: 11109510
excellent script, thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11112129
:o) Glad I could help you - thank you for the points
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question