lakhvir
asked on
Generate report out of AD showing the disabled User account(s) with disabling date
I need to generate report out of AD showing the disabled User account(s) with disabling date.
Can this be achieved via ADUC or do you know of a script which I can use to generate the report?
Can this be achieved via ADUC or do you know of a script which I can use to generate the report?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Steven Carnahan
dsquery user DC=<domain>,DC=Com -o upn -disabled
oops - I forgot you also want when it was disabled. I have to defer to mkline71's answer that there really isn't an attribute for that part.
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.
True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)
Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)
Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
true last logon will tell you when the account was disabled??
Moving forward you could get a program like Active Administrator. It isn't a cheap program however it does give you a lot of functionality. It stores changes in it's own database that you can then run reports on.
I have a scheduled report that details who made what changes during the past 24 hours. This includes anyone creating, disabling, deleting or any other changes to accounts. It alerts myself and the compliance committee to any changes made to the Domain Admins group.
You can check it at ScriptLogic: http://www.scriptlogic.com/products/activeadmin/features.asp
There are also many other programs out there that do similar stuff as well.
I have a scheduled report that details who made what changes during the past 24 hours. This includes anyone creating, disabling, deleting or any other changes to accounts. It alerts myself and the compliance committee to any changes made to the Domain Admins group.
You can check it at ScriptLogic: http://www.scriptlogic.com/products/activeadmin/features.asp
There are also many other programs out there that do similar stuff as well.