Solved

Script to find disabled user account and their last login date for selected OU

Posted on 2010-01-07
Last Modified: 2012-05-08
Hi,

I'm wondering if there is any script/way to export the list of disabled user accounts and their last login date? The ADUC built-in is only able to filter/export the disabled users but not the date. Greatly appreciated if a script is provided, thanks.
0
Question by:otyew
12 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 420 total points
ID: 26206740
Try adfind by MVP Joe Richards
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(userAccountControl:AND:=2)" -csv -tdcs samaccountname lastlogontimestamp > c:\disabledusers.csv
Thanks
Mike
0
 
LVL 5

Assisted Solution

by:rparsons1000
rparsons1000 earned 80 total points
ID: 26206750
There is a really cool program that will give you the information called OLDCMP. You can find it at joeware.com.

http://www.joeware.net/freetools/tools/oldcmp/index.htm

Use the syntax:

OldCmp.exe -report -users -onlydisabled
0
 

Author Comment

by:otyew
ID: 26206872
Guys,

Tested it out and sadly, the server was in .exe lockdown. No .exe files were allowed to be created locally.
0
 

Author Comment

by:otyew
ID: 26206895
This .exe is executable on any server connected to the same domain, right?

I had tested the

adfind -default -bit -f "&(objecategory=person)(objectclass=user)(userAccountControl:AND:=2)" -csv -tdcs samaccountname lastlogontimestamp > c:\disabledusers.csv

but nothing there
0
 

Author Comment

by:otyew
ID: 26206917
rparsons1000,

the information does not have the last login date
0
 

Author Comment

by:otyew
ID: 26206944
Hi, I successfully ran adfind but there is no last login date; the output is as below:

"dn","samaccountname","lastlogontimestamp"
"CN=Guest_Who,CN=Users,DC=kerinci,DC=lcl","Guest_Who",""
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 26206958
What is your domain functional level at?
0
 

Author Comment

by:otyew
ID: 26206980
mkline71,

The Exchange was 'hardened' by the site IT. What I knew is that they had done a lockdown on .pst files on their file servers, but now I have found out that they had done a lockdown on the .exe files on their Exchange.

I had run the .exe files on the file servers; I can run it and there is output text, but the query seems to be wrong.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 26207248
Look at my screenshot; that is the example from my lab. Those accounts that I have set as disabled I usually don't log in with, so that is why only the test71 account has a value for lastlogontimestamp.
Lastlogontimestamp is only available in W2K3 domain functional level and higher. Are you at that level?
Thanks
Mike

adfind-disabled-llts.jpg
0
 

Author Comment

by:otyew
ID: 26207433

mkline71,

When I tried to use the command, it does not produce anything, but if I use something like below, there is some output but not the date. I had one script that output the last login date and it works. Do you still think that the account is related to this problem? Do I need an AD admin account to generate this? I'm new to AD/Exchange, sorry.

C:\Documents and Settings\oithim_ops\Desktop>adfind -default -bit -f "(&objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" -csv -tdcs samaccountname lastlogontimestamp > c:\disabledusers.csv
0
 
LVL 5

Expert Comment

by:rparsons1000
ID: 26209538
The oldcmp does produce a column "lastLogonTimestamp" and in my case shows all 0's if never logged in, and it is all accurate. If it is blank or doesn't exist, it could mean, as mkline71 said, you aren't at server 2003 domain.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 26211058
Yes, oldcmp is another great tool from Joe. What you are doing there in your query by spelling out the useraccountcontrol is what adfind does in the background too.
Still interested in knowing your functional level.
Thanks
Mike
0
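
For servers where third-party .exe files are blocked, the same report can be produced with the directory searcher built into PowerShell. This is an added example, not code from any poster in this thread; the OU distinguished name is a placeholder, and the script assumes the domain is at Windows Server 2003 functional level or higher so that lastLogonTimestamp is populated.

```powershell
# Added example, not from the thread. $OuDn is a placeholder; set it to the OU to report on.
param(
    [string]$OuDn    = 'OU=Staff,DC=example,DC=lcl',  # placeholder OU distinguished name
    [string]$OutFile = 'C:\disabledusers.csv'         # output path used in the thread
)

# lastLogonTimestamp is stored as a FILETIME (100-ns intervals since 1601-01-01 UTC).
# A missing or zero value means the account has never logged on, or the domain
# functional level is too low for the attribute to be maintained.
function Convert-LastLogon {
    param($Raw)
    if ($null -eq $Raw -or [int64]$Raw -le 0) { return 'never / not recorded' }
    return [DateTime]::FromFileTimeUtc([int64]$Raw).ToString('yyyy-MM-dd HH:mm') + 'Z'
}

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$OuDn")
$searcher.SearchScope = 'Subtree'   # include child OUs
$searcher.PageSize    = 500         # page results so large OUs are not truncated

# userAccountControl bit 2 is ACCOUNTDISABLE; 1.2.840.113556.1.4.803 is the
# bitwise-AND matching rule (what adfind's -bit ":AND:" shorthand expands to).
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)' +
                   '(userAccountControl:1.2.840.113556.1.4.803:=2))'
$searcher.PropertiesToLoad.AddRange(
    [string[]]('distinguishedName', 'sAMAccountName', 'lastLogonTimestamp'))

$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    # Property names in search results are lower-case; the attribute may be absent.
    $raw = $null
    if ($r.Properties.Contains('lastlogontimestamp')) {
        $raw = $r.Properties['lastlogontimestamp'][0]
    }
    New-Object PSObject -Property @{
        sAMAccountName    = [string]$r.Properties['samaccountname'][0]
        LastLogon         = Convert-LastLogon $raw
        DistinguishedName = [string]$r.Properties['distinguishedname'][0]
    } | Select-Object sAMAccountName, LastLogon, DistinguishedName
}
$results.Dispose()   # release the underlying directory search handle

$report | Export-Csv -Path $OutFile -NoTypeInformation
```

lastLogonTimestamp is replicated between domain controllers but, by default, is only updated when the stored value is roughly 9 to 14 days old, so treat the dates as approximate when deciding which disabled accounts are stale.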
