AD 2003 Query
Hello EEs
In my AD 2003 environment, I need to create a query of the Day since Last logon in increments of 30-180 days. I can locate this in the New Query creation box, however, I am looking at querying a created container in the OU.
Is it possible to locate the logon dates of any container in the OU with these dates? If so, please advise.
I see the Common Queries selection in the Find drop down box which has the option to select the dates, however, I am unable to run a successful query. I have ran a query that locates all these containers, now I just need to associate them with their logon dates.
In my AD 2003 environment, I need to create a query of the Day since Last logon in increments of 30-180 days. I can locate this in the New Query creation box, however, I am looking at querying a created container in the OU.
Is it possible to locate the logon dates of any container in the OU with these dates? If so, please advise.
I see the Common Queries selection in the Find drop down box which has the option to select the dates, however, I am unable to run a successful query. I have ran a query that locates all these containers, now I just need to associate them with their logon dates.
ASKER
Yes, but Org boxes, not the Users container.
Okay, but you still want the value from the users, right? :)
LastLogon is a bit of a tricky one, it doesn't replicate which means you'll get different values for it depending on the Domain Controller you ask.
Do you have more than one Domain Controller?
As an alternative there's lastLogonTimeStamp, this value replicates meaning you can check it anywhere but can be up to 14 days out of date. If you wish to use AD Users and Computers you'd have to put up with it, otherwise scripting is going to be required (not much bother, there are a lot of pre-built scripts for this).
Chris
ASKER
All I require is if teh Org Boxes are stale past certain dates..30-180...Several DCs here, and I prefer not to do a script since I am new here. On the Org Boxes under the Object tab there is the Modified date, however, this is different from the last logon when I look at the actual mailbox.
So at this point, I need to look at each mailbox and verify the last logon and write it down seperatly?
So at this point, I need to look at each mailbox and verify the last logon and write it down seperatly?
Exchange will store a last logon for a mailbox, but that isn't necessarily for the user who owns the mailbox (it also stores which account did).
In AD you have either lastLogon, or lastLogonTimeStamp the first is accurate, but will need scripting to get accuracy. lastLogonTimeStamp can be queried easily, a bit of an advantage, but accuracy is down with the limited updates.
lastModified is really that, every change to the account, from password changes, to attribute updates will change that value.
Which do you actually need?
You know, you might think about grabbing OldCmp, the name suggests it's for computers only, but it will work for user accounts. It will generate a pretty report containing every attribute which can be used to determine whether an account is stale or not.
http://www.joeware.net/freetools/tools/oldcmp/index.htm
No scripting required :)
Chris
ASKER
I need the last logon date of these Org boxes, reason is to begin cleanup on old boxes that have not been used in x days. I was tasked with locating all of them, which I have, over 500 of them, now I need to associate the last logon date with them so deletion can begin. I do not want to d/l and tools to complete this task, that decision is up to my supervisor, however, I all require is the last logon for all these boxes and presumed the query could do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks chris
Containers? As in Users?
Chris