• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 281
  • Last Modified:

Generate report out of AD showing the disabled User account(s) with disabling date

I need to generate report out of AD showing the disabled User account(s) with disabling date.
Can this be achieved via ADUC or do you know of a script which I can use to generate the report?
0
lakhvir
Asked:
lakhvir
  • 3
  • 2
1 Solution
 
Mike KlineCommented:
Try adfind by MVP Joe Richards

http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -default -bit -f "&(objecategory=person)(objectclass=user)(userAccountControl:AND:=2)" -csv -tdcs samaccountname whenchanged > c:\disabledusers.csv

There is a nice free GUI tool called adinfo that may help too

http://www.cjwdev.co.uk/Software/ADReportingTool/Info.

There is no attribute for when the account is disabled.  There is a whenchanged attribute but that doesn't mean when disabled.


Thanks
Mike
0
 
pony10usCommented:
dsquery user DC=<domain>,DC=Com -o upn -disabled
0
 
pony10usCommented:
oops - I forgot you also want when it was disabled.  I have to defer to mkline71's answer that there really isn't an attribute for that part.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
SandeshdubeyCommented:
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp 
0
 
Mike KlineCommented:
true last logon will tell you when the account was disabled??
0
 
pony10usCommented:
Moving forward you could get a program like Active Administrator. It isn't a cheap program however it does give you a lot of functionality. It stores changes in it's own database that you can then run reports on.

I have a scheduled report that details who made what changes during the past 24 hours. This includes anyone creating, disabling, deleting or any other changes to accounts.  It alerts myself and the compliance committee to any changes made to the Domain Admins group.

You can check it at ScriptLogic:  http://www.scriptlogic.com/products/activeadmin/features.asp

There are also many other programs out there that do similar stuff as well.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now