Solved

NT domain accounts auditing

Posted on 2004-04-23
Last Modified: 2013-12-04
What is the best method of auditing NT domain accounts for disabled users or accounts that have not logged in for over 3 months on a NT4 PDC and BDC?
Question by:dvanmeter
4 Comments
 
LVL 6

Expert Comment

by:Joseph_Moore
ID: 10904749
www.dameware.com

It is what I use. You can use Dameware to query your domain controllers (PDC and BDCs), and get the last login date from all of them. You see, if USERX authenticates one day on a BDC, then the next day to the PDC, then each domain controller will have a different last login date. So, you need something that will talk to all domain controllers, and tell you the dates for each. Dameware does this, along with so many other things! I've used it for 4 years now, over 2 different employers, and it's great!
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 2000 total points
ID: 10906595
Create a \\YourServer\YourShare\UnUsedUserAccounts.vbs and run it with wscript.exe


' Errors are not fatal in this script; Err.Number is checked where it matters.
On Error Resume Next

Dim oFile, output, sPC, sProgramName, sMsgBoxTitle, sDomain, sDays, sRefreshTime, sOldPc
Dim wshShell, oFso, oDomain
Dim bAdminName

      Set WshShell = WScript.CreateObject("WScript.Shell")
      Set oFso=CreateObject("Scripting.FileSystemObject")

      sProgramName="UnusedUserAccounts"
      output="C:\TEMP\" & sProgramName & ".txt"
      sMsgBoxTitle="Check for unused useraccounts"

      sDomain=InputBox("Input DomainName",sMsgBoxTitle,"YourDefaultDomainName")

      If sDomain="" Then
            MsgBox "DomainName missing - try again"
            wScript.Quit
      End If

      sDays=InputBox("Find UserAccounts in " & sDomain & ", who HASN't logged on for more than ... " & vbCrLf & vbCrLf & "Input number of days:",sMsgBoxTitle,"90")

      If sDays="" Then
            MsgBox "Number of days missing - try again."
            wScript.Quit
      End If

      Set oDomain = GetObject("WinNT://" & sDomain)

      If err.number<>0 Then
            MsgBox "ERROR: Can't connect to DomainName " & sDomain
            wScript.Quit
      End If
      
      Set oFile=oFso.CreateTextFile(output)

      oFile.WriteLine "UserAccounts in " & sDomain & ", who HASN't logged on for more than  " & sDays & " days." & vbCrLf
      oFile.WriteLine "Consider to remove them from UserManagerForDomains !!!" & vbCrLf  & vbCrLf
      oFile.WriteLine "LOGONNAME:" & vbTab & vbTab & "NUMBER OF DAYS:"
      oFile.WriteLine "----------" & vbTab & vbTab & "-----------"


      oDomain.Filter = Array("user")
      MsgBox "Press OK,  and wait a couple of minutes ..."

      
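      For Each User in oDomain
            ' LastLogin raises an error for accounts that have never logged on.
            ' Clear Err first so such accounts are skipped (they are not listed)
            ' instead of reusing the previous user's sRefreshTime.
            Err.Clear
            sRefreshTime = Now - User.LastLogin
            If Err.Number = 0 Then
                  If CInt(sRefreshTime) >= CInt(sDays) Then
                        bAdminName = False
                        If User.Name = "Administrator" Then bAdminName = True
                        If bAdminName = False Then Call WriteUser()
                  End If
            End If
      Next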

      oFile.WriteLine vbCrlf & vbCrlf
      oFile.WriteLine "Many Regards"
      oFile.WriteLine "IT-Department" & vbCrlf
      oFile.WriteLine sProgramName & ".vbs" & vbCrLf & "Date:  " & Now & vbCrLf & vbCrLF
      oFile.WriteLine "IMPORTANT: If there's DomainAdmins or ServiceLogonNames among this output, then contact"
      oFile.WriteLine "IT-Department - phone xxxxxxxxx"
      
      
      wScript.sleep 1000
      WshShell.Run ("%windir%\notepad " & output)

      wScript.sleep 1000
      WshShell.AppActivate "Notepad"

' Release the objects created above
Set oDomain=Nothing
Set wshShell=Nothing
Set oFso=Nothing
      
Wscript.Quit
      
      

Sub WriteUser()

      If Left(User.Name,3) <> sOldPc Then oFile.WriteLine ""
                  
      If Len(sDomain & "/" & User.Name) <= 15 Then
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & vbTab & CInt(sRefreshTime)
            Else                              
                  oFile.WriteLine sDomain & "/" & User.Name & vbTab & CInt(sRefreshTime)
      End If
      
      sOldPc = Left(User.Name,3)

End Sub
0
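An added example, not part of the original thread: it combines the two answers above by asking each domain controller for its own LastLogin value, keeping the newest date per account, and also flagging disabled accounts as the question asked. The domain name, controller names and the ReadLastLogin helper are placeholders or assumptions of this example.

```vbscript
Option Explicit
' Placeholders (assumptions): replace with your domain and the names of its PDC and BDCs.
Const DOMAIN_NAME = "YourDomainName"
Const MAX_DAYS = 90
Dim aDcNames : aDcNames = Array("YourPDC", "YourBDC1")

Dim dLast : Set dLast = CreateObject("Scripting.Dictionary")          ' user -> newest LastLogin
Dim dDisabled : Set dDisabled = CreateObject("Scripting.Dictionary")  ' user -> True/False
dLast.CompareMode = vbTextCompare
dDisabled.CompareMode = vbTextCompare

Dim sDc, oDc, oUser, vLogin, sName, sStatus
For Each sDc In aDcNames
    ' Binding to a domain controller as a computer returns that DC's own LastLogin values.
    Set oDc = GetObject("WinNT://" & DOMAIN_NAME & "/" & sDc & ",computer")
    oDc.Filter = Array("user")
    For Each oUser In oDc
        If Not dLast.Exists(oUser.Name) Then dLast.Add oUser.Name, Empty
        dDisabled(oUser.Name) = oUser.AccountDisabled
        vLogin = ReadLastLogin(oUser)
        If Not IsEmpty(vLogin) Then
            If IsEmpty(dLast(oUser.Name)) Then
                dLast(oUser.Name) = vLogin
            ElseIf vLogin > dLast(oUser.Name) Then
                dLast(oUser.Name) = vLogin
            End If
        End If
    Next
Next

' Report accounts that are idle, never used, or disabled.
For Each sName In dLast.Keys
    sStatus = ""
    If IsEmpty(dLast(sName)) Then
        sStatus = "never logged on at any DC queried"
    ElseIf DateDiff("d", dLast(sName), Now) >= MAX_DAYS Then
        sStatus = "idle " & DateDiff("d", dLast(sName), Now) & " days"
    End If
    If dDisabled(sName) Then sStatus = Trim(sStatus & " [disabled]")
    If sStatus <> "" Then WScript.Echo DOMAIN_NAME & "/" & sName & vbTab & sStatus
Next

' LastLogin raises an error for accounts that have never logged on; return Empty instead.
Function ReadLastLogin(oAccount)
    ReadLastLogin = Empty
    On Error Resume Next
    ReadLastLogin = oAccount.LastLogin
    If Err.Number <> 0 Then ReadLastLogin = Empty
    On Error GoTo 0
End Function
```

Run it with cscript.exe so each WScript.Echo line goes to the console rather than a message box. Service accounts and administrators will appear in the output and should be reviewed before any account is removed.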
 

Author Comment

by:dvanmeter
ID: 11109510
excellent script, thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11112129
:o) Glad I could help you - thank you for the points
0
