What does this LastLogonTimeStamp VBS script do?

I inherited the job of archiving and deleting stale user accounts in our Windows 2003 AD. I was left the following script and I wanted to know exactly what the script is doing and is exporting its findings to a text file.

On Error Resume Next
Set colItems = GetObject("LDAP://OU=Users, OU=MYSITE, OU=Users, OU=Z - Sites, OU=MYORG, OU=SYSTEM, DC=system, DC=ic, DC=gov")
colItems.Filter = Array("User")
For Each objItem in colItems
      set objLogon = objItem.Get("lastLogon")
      intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
      intLogonTime = intLogonTime / (60 * 10000000)
      intLogonTime = intLogonTime / 1440 + #1/1/1601#
      If intLogonTime < #1/1/2008# and intLogonTime > #1/1/1601# Then
            WScript.Echo objItem.CN & ", " & intLogonTime
            Else If intLogonTime = #1/1/1601# Then
                  WScript.Echo objItem.CN & " - User never logged on."
            End If
      End If
Next
mrstaton Asked:

Krys_K Commented:
Hi there
I've annotated the script for you to help you understand what is going on. Basically, this script will bind to each user to get their last logon timestamp stored in the attribute called LastLogon.
Things to note about this:
If only 1 domain controller exists then this is fine, otherwise, if more than 1 DC exists then this value will ideally need to be gotten from each DC as it's not a replicated attribute, therefore, if a user has logged onto / off many DCs then the attribute value will be different on each, thus giving you incorrect results.
Hope this helps
Regards
Krystian


' This will continue the script even if an error occurs (basically means that you, the scripter, have control over catching errors yourself as/when they could occur)
On Error Resume Next
 
' This line binds to the Users OU in the AD Domain System.IC.GOV
Set colItems = GetObject("LDAP://OU=Users, OU=MYSITE, OU=Users, OU=Z - Sites, OU=MYORG, OU=SYSTEM, DC=system, DC=ic, DC=gov")
 
' This line filters all objects in that User OU to only get Users
colItems.Filter = Array("User")
 
' We now loop each user found
For Each objItem in colItems
 
' We get the current user's LastLogon timestamp (is a raw integer8 value)
      set objLogon = objItem.Get("lastLogon")
 
' As this attribute holds a Large Integer value (64bit) we need to break it into 2 32 bit values for ease
      intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
 
' Now we convert the value into a proper date value
      intLogonTime = intLogonTime / (60 * 10000000)
      intLogonTime = intLogonTime / 1440 + #1/1/1601#
 
' If the date is between 1/1/1601 and 1/1/2008 then we get when the user last logged on
      If intLogonTime < #1/1/2008# and intLogonTime > #1/1/1601# Then
            WScript.Echo objItem.CN & ", " & intLogonTime
 
' Otherwise the user has never logged on - this is outputted in a message box / command prompt (if script run in CMD.exe)
            Else If intLogonTime = #1/1/1601# Then
                  WScript.Echo objItem.CN & " - User never logged on."
            End If
      End If
 
' This just goes round the beginning of the loop if there are still more users to work on
Next
mrstaton Author Commented:
I thought this particular script was written to find the lastlogontimestamp by querying all the DCs in the SYSTEMS domain. It seems that you are saying that I would have to run this script on all of the DCs in the SYSTEM domain.
Is there any script or program that will show the true lastlogontimestamp?
 
RobSampson Commented:
Yes, there are scripts that will automatically query all of your DCs. Check out the bottom script on this page:
http://www.rlmueller.net/Last%20Logon.htm

and there are also some variations of that here on EE... a search for LastLogonTimeStamp should bring up a few.

Regards,

Rob.
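Added example, not part of any post above and not the script linked from rlmueller.net: the Integer8 conversion from the thread, followed by the "newest value across all DCs" step the answers describe, written in Python so it runs without a domain. The function names, DC names and per-DC values are assumptions constructed for illustration; LowPart is treated as signed, which is how ADSI exposes it to script.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # start of the Integer8 time scale

def integer8_to_ticks(high_part, low_part):
    """Join HighPart/LowPart into 100-ns ticks since 1601 (UTC).

    LowPart arrives as a signed 32-bit value, so it is masked to unsigned first;
    HighPart * 2^32 + LowPart alone is 2^32 ticks (~7 min) low when LowPart < 0.
    """
    return (high_part << 32) | (low_part & 0xFFFFFFFF)

def ticks_to_datetime(ticks):
    """Return an aware UTC datetime, or None for 0 (no logon recorded)."""
    if ticks == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def true_last_logon(per_dc):
    """per_dc maps DC name -> (HighPart, LowPart), or None if the attribute is unset.
    Returns (dc_name, datetime) for the newest logon, or (None, None)."""
    best_dc, best_ticks = None, 0
    for dc, parts in per_dc.items():
        if parts is None:
            continue  # attribute never written on this DC
        ticks = integer8_to_ticks(*parts)
        if ticks > best_ticks:
            best_dc, best_ticks = dc, ticks
    return best_dc, ticks_to_datetime(best_ticks)

def is_stale(last_logon, cutoff):
    """Stale = never logged on anywhere, or newest logon is before the cutoff."""
    return last_logon is None or last_logon < cutoff

def to_adsi_parts(dt):
    """Sample-data helper: split a UTC datetime into signed-LowPart form."""
    delta = dt - EPOCH_1601
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000
    high, low = ticks >> 32, ticks & 0xFFFFFFFF
    return high, (low - (1 << 32) if low >= 0x80000000 else low)

CUTOFF = datetime(2008, 1, 1, tzinfo=timezone.utc)  # same cutoff date as the script
SAMPLE = {  # constructed lastLogon values for one user, one entry per DC
    "dc1": to_adsi_parts(datetime(2007, 3, 14, 8, 30, tzinfo=timezone.utc)),
    "dc2": to_adsi_parts(datetime(2008, 2, 1, 17, 5, tzinfo=timezone.utc)),
    "dc3": (0, 0),  # user never authenticated against this DC
}

if __name__ == "__main__":
    dc, when = true_last_logon(SAMPLE)
    print(dc, when, "stale" if is_stale(when, CUTOFF) else "active")
```

With these sample values, reading only dc1 would mark the account stale against the 1/1/2008 cutoff, while the newest value across all three DCs shows it is still in use.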