vbscript last login 90 days

neoptoent
neoptoent used Ask the Experts™
on
hi,

I need to use a script to query AD to show account that are dormant (90 days)
With AD you must query all DC's to get all last login, to ensure the data is valid
Then I need to send the results in to a csv

This is very similar to dumpsec, but I need it in VB so I can automate it and parse it


Can anyone help?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
The code below will give you the last time a user account logged on.

Example usage:

LL = lastLogin("CN=John Doe,OU=whatever,OU=whatever,DC=mydomain,DC=local")
wscript.echo LL



Then, just do something like

dy = datediff("d",LL,now)
if dy > 90 then blah blah whatever


HTH,
exx
Set rootDSE = GetObject("LDAP://rootDSE")
DomainDN = rootDSE.Get("defaultNamingContext")
DomainADSPath = "LDAP://" & DomainDN

Function lastLogin(userDN)
	On Error Resume Next
	TrueLastLogin = ""
	Set DCs = GetObject("LDAP://OU=Domain Controllers," & DomainDN)
	For Each DC In DCs
		serverLastLogin = ""
		server = Right(dc.name,Len(dc.name)-3)
		Set usr = GetObject("LDAP://" & server & "/" & userDN)
		serverLastLogin = usr.lastLogin
		If serverLastLogin <> "" Then
			If TrueLastLogin = "" Then 
				TrueLastLogin = serverLastLogin
			ElseIf serverLastLogin > TrueLastLogin Then
				TrueLastLogin = serverLastLogin
			End If
		End If
	Next
	If TrueLastLogin = "" Then TrueLastLogin = "Never"
	lastLogin = TrueLastLogin
End Function

Open in new window

Author

Commented:
right,
 
But I just need a list of all user accounts that have not logged in for 90 days

Commented:
right,

But I just told you how to get it and gave you the code to do so..  ?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial