?
Solved

Search for Account Created in AD between a specific time period

Posted on 2009-07-02
9
Medium Priority
?
668 Views
Last Modified: 2013-12-05
Right now I have a windows 2000 AD domain. IS there a way for me to search in AD for all network account created during a specific time period?
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24769135
Give adfind by MVP Joe Richards a try
http://www.joeware.net/freetools/tools/adfind/index.htm
Scott has a good article here on what you are trying to do
http://blog.scottlowe.org/2006/10/11/finding-recently-created-active-directory-accounts/
So let's say you are trying to find all accounts created between Jan 1, 2009 and May 31, 2009
adfind -default -f  "&(objectcategory=person)(objectclass=users)(whencreated>=20090101000000.0Z)( whencreated<=20090531000000.0Z)"  samaccountname whencreated -tdcgt -nodn -csv > c:\usersCreated.csv
That will output the results to a csv drive on your C drive.  
Take a look at the screenshot from my lab.  
Thanks
Mike

Adfind-WhenCreated.gif
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24771633
Very do I need to install this on my DC or can it be run from my workstation?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774105

Hey :)

The command Mike supplied (and the tool) can be run from any member of the domain (including your workstation or the DC if you prefer).

Chris
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 20

Author Comment

by:compdigit44
ID: 24774338
Very cool..

Also in AD is there a way for me to get a list of account that have been deleted in the past 30 days?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24774389
Sure :)

The date you use is built in the same way as you did above.

ADFind -f "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenChanged>=20090603000000.0Z))" -showdel

You'll find that deleted objects have a seriously limited set of attributes, not everything makes it onto the tombstone.

And note that the two "objectClass=" statements are intentional. There are quite a few differences between the regular domain objects and those which have been deleted.

Chris
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774914
For the synatex to show all user deleted with in a specific time period for example 6/1/09 - 6/30/09 what would i type in?? I tried what you listed above and it keeps showing zero records
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24774938
try
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whencreated>=20090601000000.0Z)(whencreated<=20090630000000.0Z))"  -showdel
See if that gives you records
Thanks
Mike
 
0
 
LVL 20

Author Comment

by:compdigit44
ID: 24774950
nope same thing
Zero records return and I do know account have been removed
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 24774965
hold on I copied and pasted wrong from my last command...sorry about that
 
ADFind -default -f  "(&(objectClass=user)(objectClass=person)(IsDeleted=TRUE)(whenchanged>=20090601000000.0Z)(whenchanged<=20090630000000.0Z))"  -showdel  
does this return anything
adfind -default -showdel -f  "&(objectclass=user)(objectclass=person)(isdeleted=true)"
- that one is not date specific
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question