Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Search for Account Created in AD between a specific time period

Posted on 2009-07-02
9
Medium Priority
?
672 Views
Last Modified: 2013-12-05
Right now I have a windows 2000 AD domain. IS there a way for me to search in AD for all network account created during a specific time period?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24769135
Give adfind by MVP Joe Richards a try
http://www.joeware.net/freetools/tools/adfind/index.htm
Scott has a good article here on what you are trying to do
http://blog.scottlowe.org/2006/10/11/finding-recently-created-active-directory-accounts/
So let's say you are trying to find all accounts created between Jan 1, 2009 and May 31, 2009
adfind -default -f  "&(objectcategory=person)(objectclass=users)(whencreated>=20090101000000.0Z)( whencreated<=20090531000000.0Z)"  samaccountname whencreated -tdcgt -nodn -csv > c:\usersCreated.csv
That will output the results to a csv drive on your C drive.  
Take a look at the screenshot from my lab.  
Thanks
Mike

Adfind-WhenCreated.gif
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24771633
Very do I need to install this on my DC or can it be run from my workstation?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774105

Hey :)

The command Mike supplied (and the tool) can be run from any member of the domain (including your workstation or the DC if you prefer).

Chris
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 20

Author Comment

by:compdigit44
ID: 24774338
Very cool..

Also in AD is there a way for me to get a list of account that have been deleted in the past 30 days?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774389
Sure :)

The date you use is built in the same way as you did above.

ADFind -f "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenChanged>=20090603000000.0Z))" -showdel

You'll find that deleted objects have a seriously limited set of attributes, not everything makes it onto the tombstone.

And note that the two "objectClass=" statements are intentional. There are quite a few differences between the regular domain objects and those which have been deleted.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774914
For the synatex to show all user deleted with in a specific time period for example 6/1/09 - 6/30/09 what would i type in?? I tried what you listed above and it keeps showing zero records
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24774938
try
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whencreated>=20090601000000.0Z)(whencreated<=20090630000000.0Z))"  -showdel
See if that gives you records
Thanks
Mike
 
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774950
nope same thing
Zero records return and I do know account have been removed
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 24774965
hold on I copied and pasted wrong from my last command...sorry about that
 
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenchanged>=20090601000000.0Z)(whenchanged<=20090630000000.0Z))"  -showdel  
does this return anything
adfind -default -showdel -f  "&(objectclass=user)(objectclass=person)(isdeleted=true)"
- that one is not date specific
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question