Output stale user accounts into log file with only username variables

Hey Experts.  I have a script that I use to dump out stale computer accounts from the domain.  The script dumps these computer names into a format in the log file that can be used by another script to then move these computer accounts.  I want to do the same thing but with user accounts.  Here is what I am trying to use in my batch script:
dsquery user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8 -limit 300 > %logfile%
(for /f "tokens=2,3* delims=,=" %%i in (%logfile%) do @echo %%~i) > c:\tools\staleADPc1-N.log



I'm not getting any useable data so I'm not using the right syntax.  I'm fine using Powershell or a batch script but please provide the code as I'm learning as I go here.  Any suggestions from the real experts?  Thank you!
0
samiam41
Asked:
 
bepsoccer1 Commented:
Something like this should work.

$now=get-date
$daysSinceLastLogon=60  # whatever your time frame for being stale is

Get-QADUser | where {
  $_.lastlogontimestamp -and
    (($now-$_.lastlogontimestamp).days -gt $daysSinceLastLogon)
} | export-csv c:\StaleUsers.csv
0
 
oBdA Commented:
The problem with your script is that your tokens are designed to parse the default output (cn=SomeUser,OU=SomOU...), but at the same time, you're using "-o RDN", which already echoes only the names.
It can be a one-liner in batch:
(for /f "delims=" %%a in ('dsquery.exe user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do echo %%~a)>C:\tools\staleADPc1-N.log


It's easier to understand like this:
@echo off
setlocal
set LogFile=C:\tools\staleADPc1-N.log
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery.exe user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do (
	echo %%~a
	>>"%LogFile%" echo %%~a
)


0
 
samiam41 (Author) Commented:
@oBdA, thanks for the explanation as I understand what I was doing wrong now (and great to see you again).  When I run the script mentioned in your reply, the data that populates the log file is correct but contains quotation marks:

"CSV8"
"CSV7"
"CSV1"
"CSV17"
"CSV13"

How do I get rid of the quotation marks?
0
 
samiam41 (Author) Commented:
@bepsoccer1, thanks for the reply.  I had to make a couple of changes to the script you suggested and I am including the message window that appears.

Import-Module ActiveDirectory
$now=get-date
$daysSinceLastLogon=60 

Get-ADUser | where {
  $_.lastlogontimestamp -and 
    (($now-$_.lastlogontimestamp).days -gt $daysSinceLastLogon)
} | export-csv c:\Tools\StaleUsers.csv



I'm not sure if you meant GET-QADUser or GET-ADUser but I used the latter as I figured that is what you meant.  Let me know what you think about the window that popped up when I ran the script.

**Edit:  I'm not sure why it won't let me attach or insert a pic.  I'm working on that now.
0
 
oBdA Commented:
Shouldn't be the case and doesn't here (I thought that was the point of the "for /f", otherwise you could just redirect the "dsquery -o rdn" output directly).
Make sure the tilde ("~") is there when addressing the loop variable, it strips away surrounding quotes: echo %%~a
0
 
samiam41 (Author) Commented:
oBdA, my apologies.  I was looking at an older log file I was testing with previously.  

When I run this code (please verify I have the values correct), I get this message:

C:\Tools>staleaduser
dsquery failed:'Depts' is an unknown parameter.
type dsquery /? for help.

When I run the command dsquery user from the command prompt, no problem.  The same when I run the entire "dsquery user ou=x,dc=x -inactive 8" command.  I do have the OU and DC fields populated correctly as I took them from another script that works.  Thoughts?

@echo off
setlocal
set LogFile=C:\tools\staleADUser1-N.log
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery.exe user OU=x,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do (
	echo %%~a
	>>"%LogFile%" echo %%~a
)


No log or output file is being created when this script runs, for what it's worth.
0
 
oBdA Commented:
Sorry, tested this without specifying the search root and then just pasted your DN in. Put double quotes around the DN:
@echo off
setlocal
set LogFile=C:\tools\staleADPc1-N.log
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery.exe user "OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x" -o rdn -limit 0 -inactive 8') do (
	echo %%~a
	>>"%LogFile%" echo %%~a
)


0
 
samiam41 (Author) Commented:
Progress!!

The output file is in the right format however I'm getting the "display name" not the user's "logon name" (jjones)

Output > Jones, JJ  (xx)
Logon name > JJones
0
 
oBdA Commented:
That's actually not the display name, but the AD object's name (or RDN, Relative Distinguished Name).
Just replace "-o rdn" with "-o samid" in your dsquery command.
0
 
samiam41 (Author) Commented:
Wait, I think I figured it out.  I use -o samid instead of -o rdn

Yes?
0
 
samiam41 (Author) Commented:
Hahahaha!!  That's funny.  How many milliseconds in-between those two posts were there?

Thanks oBdA!
0
 
samiam41 (Author) Commented:
Great working with you again!  I really appreciate you explaining the answer instead of just posting the code.  That really helps me (and I'm sure others) learn so much quicker.  Take care and I look forward to working with you again.

-Aaron
0
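
The same stale-user listing done with the ActiveDirectory module, as an added example that is not code from any poster in this thread: it supplies the -Filter and -Properties arguments that Get-ADUser needs, converts lastLogonTimestamp from file time, and writes one logon name per line like "-o samid". The search base is the thread's placeholder DN; the log path, the 56-day threshold and the safe-character pattern are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed values: the DN is the thread's placeholder, the path is hypothetical.
$SearchBase = 'OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x'
$LogFile    = 'C:\Tools\staleADUser-samid.log'
$StaleDays  = 56    # dsquery "-inactive 8" counts weeks: 8 * 7 days

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

# Get-ADUser requires -Filter (or -Identity); run without one it prompts
# for a filter. lastLogonTimestamp is only returned when requested.
$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
                    -Properties lastLogonTimestamp

# lastLogonTimestamp is an Int64 Windows file time, not a DateTime, so convert
# it before comparing. Accounts that have never logged on have no value and are
# skipped, as in the Get-QADUser filter above. The attribute replicates with up
# to about 14 days of lag by default, so keep the threshold well above that.
$stale = $users | Where-Object {
    $_.lastLogonTimestamp -and
    ([DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) -lt $cutoff)
}

# The log feeds a batch script, so keep only names made of characters that
# cmd.exe treats literally; report anything else instead of writing it.
$safe    = '^[A-Za-z0-9._$-]+$'
$names   = @($stale | Sort-Object SamAccountName |
                      Select-Object -ExpandProperty SamAccountName)
$skipped = @($names | Where-Object { $_ -notmatch $safe })
foreach ($n in $skipped) { Write-Warning "Skipped (review by hand): $n" }

# Remove any earlier log first so an old run is never mistaken for this one.
if (Test-Path $LogFile) { Remove-Item $LogFile }

# One sAMAccountName per line, no quotes or header; ASCII so "for /f" reads it.
$names | Where-Object { $_ -match $safe } |
    Set-Content -Path $LogFile -Encoding ASCII

Write-Host ("{0} stale accounts written to {1}" -f ($names.Count - $skipped.Count), $LogFile)
```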
