Solved

Script to determine date of AD user account disabling.

Posted on 2008-10-23
2
1,069 Views
Last Modified: 2012-05-05
I was wondering if anyone had a script or knew of where I could find a VBScript to search an entire OU and determine what date each user account was disabled on and return that to a file? I searched the Internet and couldn't find anything. My problem is that I have a bunch of disabled user accounts but the person who disabled them didn't put a comment in the description field and I need to know when they were disabled. Thank you.
0
Comment
Question by:mcpp661
2 Comments
 
LVL 18

Accepted Solution

by:
exx1976 earned 250 total points
ID: 22787134
Well, *IF* the accounts haven't been touched since they were disabled, you could always use    modifyTimeStamp

Or there is also              whenChanged


Or, assuming that the last logon was somewhere not too long before the account was disabled, you could use the             lastLogon         or maybe even the    lastLogoff          properties..

0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 250 total points
ID: 22790628
exx is right....whenChanged is about the best you can do, although this doesn't help if say, the account was disabled in May, and then moved to another OU in August, then it would be inaccurate....

AD doesn't keep that information, unfortunately.

Regards,

Rob.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question