Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

List users not logged in for longer time

Posted on 2011-03-14
4
Medium Priority
?
542 Views
Last Modified: 2012-05-11
Hi there,

I have an environment with users only working for a couple of weeks or months.
Every new user gets a new account.
After leaving the unit, the accounts used to remain untouched.
The accounts are blocked with a policy after 30 days.

Now we have the need to clean up about 250 user accounts not longer valid any more.

Is there a method to list user accounts with criteria like
- Password/Login blocked (by policy)
- last login longer than a given time

thanks for your help

Michael
0
Comment
Question by:michaellandwehr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 35127161
Well, I have a script that creates a csv file with the last logon of users. Perhaps that might help you.

 
Const FILE_OUT = "LastLogon.txt"
' Get time zone adjustment. If GMT is good enough, you can omit all this bias-related logic.
Set oShell = CreateObject("Wscript.Shell")
oBias = oShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
If VarType(oBias) = vbLong Then
    lBias = oBias
ElseIf VarType(oBias) = vbVariant Then
    lBias = 0
    For iByte = 0 To UBound(oBias)
        lBias = lBias * 256 + oBias(iByte)
    Next
End If
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oFile = oFS.CreateTextFile(FILE_OUT, True)
oFile.WriteLine "distinguishedName" & vbTab & "LastLogon"
Set cnAD = CreateObject("ADODB.Connection")
cnAD.Provider = "ADsDSOObject"
cnAD.Open "Active Directory Provider"
Set cmdQry = CreateObject("ADODB.Command")
Set cmdQry.ActiveConnection = cnAD
Set oRootDSE = GetObject("LDAP://RootDSE")
cmdQry.CommandText = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & ">;(objectCategory=person);distinguishedName;subtree"
cmdQry.Properties("Page Size") = 500
Set rsUsers = cmdQry.Execute()
Do While Not rsUsers.EOF
    sDN = rsUsers("distinguishedName")
    Set oUser = GetObject("LDAP://" & sDN)
    sLastLogon = ""
    On Error Resume Next
    Set oLastLogon = oUser.LastLogon
    If Err = 0 Then
        lHigh = oLastLogon.HighPart
        lLow = oLastLogon.LowPart
        If lLow = 0 And lHigh = 0 Then
        Else
            If lLow < 0 Then
                lHigh = lHigh + 1 ' compensates for API quirk
            End If
            sLastLogon = FormatDateTime((#1/1/1601# + ((lHigh * 2 ^ 32 + lLow) / 600000000 - lBias) / 1440),2)
        End If
    End If
    On Error GoTo 0
    oFile.WriteLine sDN & vbTab & sLastLogon
    rsUsers.MoveNext
Loop
rsUsers.Close
cnAD.Close
oFile.Close

Open in new window

0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 35127840
Use ADFIND.

adfind -f "&(objectcategory=user)(lockouttime>=1)" -dn >>c:\a\lockout.txt
0
 

Author Comment

by:michaellandwehr
ID: 35128556
Hi erniebeek,

Your script solved my problem so far.
I only had to modify lline 43 as it was easier to sort on the date on the first position and to replace  vbTab with "," ( the  vbTab variable did not work)


    oFile.WriteLine sLastLogon & "," & sDN


Thank you very much.

Michael
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35129279
Glad it helped you out :)

And thx for the points.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question