Solved

Pull a list of computers from AD that have not logged on in the last 4 weeks

Posted on 2007-03-19
19
287 Views
Last Modified: 2011-09-20
Does anyone have a script or freeware program that will pull a list of computers from AD that have not logged on in the last 4 weeks?
0
Comment
Question by:abshipman
  • 10
  • 6
  • 3
19 Comments
 
LVL 67

Accepted Solution

by:
sirbounty earned 125 total points
ID: 18749524
Try this...

On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

strDomain="dc=company,dc=com"

objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user'"  
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
  Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
  dtLastLogin = objUser.LastLogin
  If Not IsEmpty(dtLastLogin) Then
    If DateDiff("w", Now, dtLastLogin) > 4 Then 'Only proceed if it's been 4 weeks or more since the last login
      wscript.echo objRecordSet.Fields("distinguishedName").Value) & " hasn't logged on in over 4 weeks."
    End If
  objRecordSet.MoveNext
Loop
0
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 125 total points
ID: 18749531
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18749600
Rereading that, this line should be altered:

If DateDiff("w", dtLastLogin, Now) > 4 Then 'Only proceed if it's been 4 weeks or more since the last login
0
 

Author Comment

by:abshipman
ID: 18750242
I am getting the following error.

error line 25
char 66
error expected end of statement
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18750261
Try replacing it with this:

   wscript.echo objRecordSet.Fields("distinguishedName") & " hasn't logged on in over 4 weeks."
0
 

Author Comment

by:abshipman
ID: 18751701
error 'loop' without 'do' on Line 28
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18751717
Actually the If statement wasn't closed properly...replace with this:

Do Until objRecordSet.EOF
  Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
  dtLastLogin = objUser.LastLogin
  If Not IsEmpty(dtLastLogin) Then
    If DateDiff("w", Now, dtLastLogin) > 4 Then 'Only proceed if it's been 4 weeks or more since the last login
      wscript.echo objRecordSet.Fields("distinguishedName").Value) & " hasn't logged on in over 4 weeks."
    End If
  End If '<<added this line
  objRecordSet.MoveNext
Loop
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18751724
I swear I had this working without these errors earlier this morning... : |
Sorry for all the trouble.
0
 

Author Comment

by:abshipman
ID: 18755906
Still getting:
error line 25
char 66
error expected end of statement
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 67

Expert Comment

by:sirbounty
ID: 18756130
Just tested this version with no errors...remember to change the domain...

On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set CN = CreateObject("ADODB.Connection")
Set cmd = CreateObject("ADODB.Command")
CN.Provider = "ADsDSOObject"
CN.Open "Active Directory Provider"
Set cmd.ActiveConnection = CN
cmd.Properties("Page Size") = 1000
cmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
 
strDomain = "dc=company,dc=com" 'change this line
 
cmd.CommandText = "SELECT adsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user'"
Set objRS = cmd.Execute
objRS.MoveFirst
Do Until objRS.EOF
  Set objUser = GetObject(objRS.Fields("adsPath").Value)
  dtLastLogin = objUser.LastLogin
  If Not IsEmpty(dtLastLogin) Then
    If DateDiff("w", dtLastLogin, Now) > 4 Then 'Only proceed if it's been 4 weeks or more since the last login
      wscript.echo objUser.CN & " hasn't logged on in over 4 weeks."
    End If
  End If
  objRS.MoveNext
Loop
 
0
 

Author Comment

by:abshipman
ID: 18793311
Sorry I went out of town for a couple of days...  this works great.  Is there a way to outpu this to a file?  more points?
0
 

Author Comment

by:abshipman
ID: 18793375
I thought this was going to pull computers?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18796187
I take it by your post that it's not working as expected?
What happened to "this works great"?  :o)
This one's growing a bit stale on my brain...what's it not doing that you need it to?
0
 

Author Comment

by:abshipman
ID: 18801775
It does work great :)  It just pulls the wrong thing.  I need it to pull computers.
0
 
LVL 22

Expert Comment

by:Bartender_1
ID: 18885060
abshipman,

if you change the following line:

cmd.CommandText = "SELECT adsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user'"

to

cmd.CommandText = "SELECT adsPath FROM 'LDAP://" & strDomain & "' WHERE objectCategory='computer'"

It should pull computers that haven't logged on in the past 4 weeks, rather than users.

Great script sirbounty!

:o)

Bartender_1
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18885101
Thanx - sorry I missed the notif on this one... : \
0
 
LVL 22

Expert Comment

by:Bartender_1
ID: 18885389
abshipman,

While I'm sure sirbounty could tell you how to cause the script to write the output to a text file, this may work for you as well:

when executing the script from the command prompt, append the command like this:

cscript <scriptname>.vbs >>lastlogin.txt

That will kick everything the script shows to a file called lastlogin.txt.

A quick question for you sirbounty,
If I was to tell the script to show objects with a date difference > 16, would that correctly show computers/users that haven't logged in in ~4 months? how about if I changed it to 53, would that correctly show someone that hasn't logged in in over a year?

:o)

Bartender_1
0
 
LVL 22

Expert Comment

by:Bartender_1
ID: 18885394
Maybe I should have opened my own question for this.....

Would you prefer I do that sirbounty?

Bartender_1
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18885433
It's fully dependent on the datediff function:

 If DateDiff("w", Now, dtLastLogin) > 4

States: If the difference between "now" and dtLastLogin is greater than 4 "w"eeks...

So, while it's accurate to say "how about if I changed it to 53, would that correctly show someone that hasn't logged in in over a year?", you would be better off using

 If DateDiff("y", Now, dtLastLogin) > 1
Nothing to back it up with, but I believe that route would be a bit more accurate...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If like me you are one who spends a lot of time working and scripting with cmd.exe, sometimes it is handy to be able to quickly view a calendar for a given month and year. This script will quickly do just that!  Save the code posted below to a .bat …
I have published numerous articles here at Experts Exchange that present programs/scripts written in a language called AutoHotkey. Each of those articles has a brief paragraph describing where to download the product and how to install it. I have al…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now