Solved

Script to determine date of AD user account disabling.

Posted on 2008-10-23
2
1,072 Views
Last Modified: 2012-05-05
I was wondering if anyone had a script or knew of where I could find a VBScript to search an entire OU and determine what date each user account was disabled on and return that to a file? I searched the Internet and couldn't find anything. My problem is that I have a bunch of disabled user accounts but the person who disabled them didn't put a comment in the description field and I need to know when they were disabled. Thank you.
0
Comment
Question by:mcpp661
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
exx1976 earned 250 total points
ID: 22787134
Well, *IF* the accounts haven't been touched since they were disabled, you could always use    modifyTimeStamp

Or there is also              whenChanged


Or, assuming that the last logon was somewhere not too long before the account was disabled, you could use the             lastLogon         or maybe even the    lastLogoff          properties..

0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 250 total points
ID: 22790628
exx is right....whenChanged is about the best you can do, although this doesn't help if say, the account was disabled in May, and then moved to another OU in August, then it would be inaccurate....

AD doesn't keep that information, unfortunately.

Regards,

Rob.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question