Solved

Search for Account Created in AD between a specific time period

Posted on 2009-07-02
9
667 Views
Last Modified: 2013-12-05
Right now I have a windows 2000 AD domain. IS there a way for me to search in AD for all network account created during a specific time period?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24769135
Give adfind by MVP Joe Richards a try
http://www.joeware.net/freetools/tools/adfind/index.htm
Scott has a good article here on what you are trying to do
http://blog.scottlowe.org/2006/10/11/finding-recently-created-active-directory-accounts/
So let's say you are trying to find all accounts created between Jan 1, 2009 and May 31, 2009
adfind -default -f  "&(objectcategory=person)(objectclass=users)(whencreated>=20090101000000.0Z)( whencreated<=20090531000000.0Z)"  samaccountname whencreated -tdcgt -nodn -csv > c:\usersCreated.csv
That will output the results to a csv drive on your C drive.  
Take a look at the screenshot from my lab.  
Thanks
Mike

Adfind-WhenCreated.gif
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24771633
Very do I need to install this on my DC or can it be run from my workstation?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774105

Hey :)

The command Mike supplied (and the tool) can be run from any member of the domain (including your workstation or the DC if you prefer).

Chris
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 20

Author Comment

by:compdigit44
ID: 24774338
Very cool..

Also in AD is there a way for me to get a list of account that have been deleted in the past 30 days?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774389
Sure :)

The date you use is built in the same way as you did above.

ADFind -f "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenChanged>=20090603000000.0Z))" -showdel

You'll find that deleted objects have a seriously limited set of attributes, not everything makes it onto the tombstone.

And note that the two "objectClass=" statements are intentional. There are quite a few differences between the regular domain objects and those which have been deleted.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774914
For the synatex to show all user deleted with in a specific time period for example 6/1/09 - 6/30/09 what would i type in?? I tried what you listed above and it keeps showing zero records
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24774938
try
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whencreated>=20090601000000.0Z)(whencreated<=20090630000000.0Z))"  -showdel
See if that gives you records
Thanks
Mike
 
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774950
nope same thing
Zero records return and I do know account have been removed
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24774965
hold on I copied and pasted wrong from my last command...sorry about that
 
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenchanged>=20090601000000.0Z)(whenchanged<=20090630000000.0Z))"  -showdel  
does this return anything
adfind -default -showdel -f  "&(objectclass=user)(objectclass=person)(isdeleted=true)"
- that one is not date specific
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question