Solved

NT domain accounts auditing

Posted on 2004-04-23
4
358 Views
Last Modified: 2013-12-04
What is the best method of auditing NT domain accounts for disabled users or accounts that have not logged in for over 3 months on a NT4 PDC and BDC?
0
Comment
Question by:dvanmeter
  • 2
4 Comments
 
LVL 6

Expert Comment

by:Joseph_Moore
ID: 10904749
www.dameware.com

It is what I use. You can use Dameware to query your domain controllers (PDC and BDCs), and get the last login date from all of them. You see, if USERX authenticates one  day on a BDC, then the next day to the PDC, then each domain controller will have a different last login date. So, you need something that will talk to all domain controllers, and tell you the dates for each. Dameware does this, along with so many other things! I've used it for 4 years now, over 2 different employers, and it's great!
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10906595
Create a \\YourServer\YourShare\UnUsedUserAccounts.vbs and run it with wscript.exe


On Error Resume Next

Dim oFile, output, sPC, sProgramNavn, sMsgBoxTitle, sDomain, sDays, sRefreshTime, sOldPc
Dim wshShell, oFso, oDomain
Dim bAdminName

      Set WshShell = WScript.CreateObject("WScript.Shell")
      Set oFso=CreateObject("Scripting.FileSystemObject")

      sProgramName="UnusedUserAccounts"
      output="C:\TEMP\" & sProgramName & ".txt"
      sMsgBoxTitle="Check for unused useraccounts"

      sDomain=InputBox("Input DomainName",sMsgBoxTitle,"YourDefaultDomainName")

      If sDomain="" Then
            MsgBox "DomainName missing - try again"
            wScript.Quit
      End If

      sDays=InputBox("Find UserAccounts in " & sDomain & ", who HASN't logged on for more that ... " & vbCrLf & vbCrLf & "Input number of days:",sMsgBoxTitle,"90")

      If sDays="" Then
            MsgBox "Number of days missing - try again."
            wScript.Quit
      End If

      Set oDomain = GetObject("WinNT://" & sDomain)

      If err.number<>0 Then
            MsgBox "ERROR: Can't connect to DomainName " & sDomain
            wScript.Quit
      End If
      
      Set oFile=oFso.CreateTextFile(output)

      oFile.WriteLine "UserAccounts in " & sDomain & ", who HASN't logged on for more than  " & sDays & " days." & vbCrLf
      oFile.WriteLine "Consider to remove them from UserManagerForDomains !!!" & vbCrLf  & vbCrLf
      oFile.WriteLine "LOGONNAME:" & vbTab & vbTab & "NUMBER OF DAYS:"
      oFile.WriteLine "----------" & vbTab & vbTab & "-----------"


      oDomain.Filter = Array("user")
      MsgBox "Press OK,  and wait a couple of minutes ..."

      
      For Each User in oDomain
            sRefreshTime = Now - User.LastLogin
            If CInt(sRefreshTime) >= CInt(sDays) Then
                  bAdminName = False            
                  If User.Name = "Administrator" Then bAdminName = True
                  If bAdminName = False Then Call WriteUser()
            End If                  
      Next

      oFile.WriteLine vbCrlf & vbCrlf
      oFile.WriteLine "Many Regards"
      oFile.WriteLine "IT-Department" & vbCrlf
      oFile.WriteLine sProgramNavn & ".vbs" & vbCrLf & "Date:  " & Now & vbCrLf & vbCrLF
      oFile.WriteLine "IMPORTANT: If there's DomainAdmins or ServiceLogonNames among this output, then contact"
      oFile.WriteLine "IT-Department - phone xxxxxxxxx"
      
      
      wScript.sleep 1000
      WshShell.Run ("%windir%\notepad " & output)

      wScript.sleep 1000
      WshShell.AppActivate "Notepad"

Set oDomain=Nothing
Set Shell=Nothing
Set wshShell=Nothing
Set oFso=Nothing
      
Wscript.Quit
      
      

Sub WriteUser()

      If Left(User.Name,3) <> sOldPc Then oFile.WriteLine ""
                  
      If Len(sDomain & "/" & User.Name) <= 15 Then
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & vbTab & CInt(sRefreshTime)
            Else                              
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & CInt(sRefreshTime)
      End If
      
      sOldPc = Left(User.Name,3)

End Sub
0
 

Author Comment

by:dvanmeter
ID: 11109510
excellent script, thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11112129
:o) Glad I could help you - thank you for the points
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now