Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Script to determine date of AD user account disabling.

Posted on 2008-10-23
2
Medium Priority
?
1,077 Views
Last Modified: 2012-05-05
I was wondering if anyone had a script or knew of where I could find a VBScript to search an entire OU and determine what date each user account was disabled on and return that to a file? I searched the Internet and couldn't find anything. My problem is that I have a bunch of disabled user accounts but the person who disabled them didn't put a comment in the description field and I need to know when they were disabled. Thank you.
0
Comment
Question by:mcpp661
2 Comments
 
LVL 18

Accepted Solution

by:
exx1976 earned 1000 total points
ID: 22787134
Well, *IF* the accounts haven't been touched since they were disabled, you could always use    modifyTimeStamp

Or there is also              whenChanged


Or, assuming that the last logon was somewhere not too long before the account was disabled, you could use the             lastLogon         or maybe even the    lastLogoff          properties..

0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 1000 total points
ID: 22790628
exx is right....whenChanged is about the best you can do, although this doesn't help if say, the account was disabled in May, and then moved to another OU in August, then it would be inaccurate....

AD doesn't keep that information, unfortunately.

Regards,

Rob.
0

Featured Post

[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question