Solved

Output stale user accounts into log file with only username variables

Posted on 2013-06-11
Last Modified: 2013-06-12
Hey Experts.  I have a script that I use to dump out stale computer accounts from the domain.  The script dumps these computer names into a format in the log file that can be used by another script to then move these computer accounts.  I want to do the same thing but with user accounts.  Here is what I am trying to use in my batch script:
dsquery user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8 -limit 300 > %logfile%
(for /f "tokens=2,3* delims=,=" %%i in (%logfile%) do @echo %%~i) > c:\tools\staleADPc1-N.log



I'm not getting any useable data so I'm not using the right syntax.  I'm fine using Powershell or a batch script but please provide the code as I'm learning as I go here.  Any suggestions from the real experts?  Thank you!
Question by:samiam41
 
LVL 4

Expert Comment

by:bepsoccer1
ID: 39239238
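Something like this should work.

# Get-QADUser comes from the Quest ActiveRoles snap-in
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$now=get-date
$daysSinceLastLogon=60  # whatever your time frame for being stale is

# Keep users that have a last-logon value older than the threshold
Get-QADUser | where {
  $_.lastlogontimestamp -and
    (($now-$_.lastlogontimestamp).days -gt $daysSinceLastLogon)
} | export-csv c:\StaleUsers.csv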
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39239288
The problem with your script is that your tokens are designed to parse the default output (cn=SomeUser,OU=SomeOU...), but at the same time, you're using "-o RDN", which already echoes only the names.
It can be a one-liner in batch:
(for /f "delims=" %%a in ('dsquery.exe user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do echo %%~a)>C:\tools\staleADPc1-N.log


It's easier to understand like this:
@echo off
setlocal
set LogFile=C:\tools\staleADPc1-N.log
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery.exe user OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do (
	echo %%~a
	>>"%LogFile%" echo %%~a
)


0
 
LVL 9

Author Comment

by:samiam41
ID: 39241017
@oBdA, thanks for the explanation as I understand what I was doing wrong now (and great to see you again).  When I run the script mentioned in your reply, the data that populates the log file is correct but contains quotation marks:

"CSV8"
"CSV7"
"CSV1"
"CSV17"
"CSV13"

How do I get rid of the quotation marks?
0
 
LVL 9

Author Comment

by:samiam41
ID: 39241046
@bepsoccer1, thanks for the reply.  I had to make a couple of changes to the script you suggested and I am including the message window that appears.

Import-Module ActiveDirectory
$now=get-date
$daysSinceLastLogon=60 

Get-ADUser | where {
  $_.lastlogontimestamp -and 
    (($now-$_.lastlogontimestamp).days -gt $daysSinceLastLogon)
} | export-csv c:\Tools\StaleUsers.csv



I'm not sure if you meant GET-QADUser or GET-ADUser but I used the latter as I figured that is what you meant.  Let me know what you think about the window that popped up when I ran the script.

**Edit:  I'm not sure why it won't let me attach or insert a pic.  I'm working on that now.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39241060
Shouldn't be the case and doesn't here (I thought that was the point of the "for /f", otherwise you could just redirect the "dsquery -o rdn" output directly).
Make sure the tilde ("~") is there when addressing the loop variable, it strips away surrounding quotes: echo %%~a
0
 
LVL 9

Author Comment

by:samiam41
ID: 39241098
oBdA, my apologies.  I was looking at an older log file I was testing with previously.  

When I run this code (please verify I have the values correct), I get this message:

C:\Tools>staleaduser
dsquery failed:'Depts' is an unknown parameter.
type dsquery /? for help.

When I run the command dsquery user from the command prompt, no problem.  The same when I run the entire "dsquery user ou=x,dc=x -inactive 8" command.  I do have the OU and DC fields populated correctly as I took them from another script that works.  Thoughts?

@echo off
setlocal
set LogFile=C:\tools\staleADUser1-N.log
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery.exe user OU=x,OU=x,DC=x,DC=x,DC=x,DC=x -o rdn -limit 0 -inactive 8') do (
	echo %%~a
	>>"%LogFile%" echo %%~a
)


No log or output file is being created when this script runs, for what it's worth.
0
 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 500 total points
ID: 39241118
Sorry, tested this without specifying the search root and then just pasted your DN in. Put double quotes around the DN:
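@echo off
setlocal
set LogFile=C:\tools\staleADPc1-N.log
rem Start with a fresh log on every run
if exist "%LogFile%" del "%LogFile%"
rem The double quotes keep the DN together as a single argument
for /f "delims=" %%a in ('dsquery.exe user "OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x" -o rdn -limit 0 -inactive 8') do (
	rem %%~a strips surrounding quotes; show the name and append it to the log
	echo %%~a
	>>"%LogFile%" echo %%~a
)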


0
 
LVL 9

Author Comment

by:samiam41
ID: 39241139
Progress!!

The output file is in the right format however I'm getting the "display name" not the user's "logon name" (jjones)

Output > Jones, JJ  (xx)
Logon name > JJones
0
 
LVL 83

Accepted Solution

by:oBdA
oBdA earned 500 total points
ID: 39241174
That's actually not the display name, but the AD object's name (or RDN, Relative Distinguished Name).
Just replace "-o rdn" with "-o samid" in your dsquery command.
0
 
LVL 9

Author Comment

by:samiam41
ID: 39241176
Wait, I think I figured it out.  I use -o samid instead of -o rdn

Yes?
0
 
LVL 9

Author Comment

by:samiam41
ID: 39241182
Hahahaha!!  That's funny.  How many milliseconds in-between those two posts were there?

Thanks oBdA!
0
 
LVL 9

Author Closing Comment

by:samiam41
ID: 39241194
Great working with you again!  I really appreciate you explaining the answer instead of just posting the code.  That really helps me (and I'm sure others) learn so much quicker.  Take care and I look forward to working with you again.

-Aaron
0
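
A PowerShell version of what the thread arrives at (stale users under one OU, logon names only, one per line), as an added example that is not part of any post above. It assumes the RSAT ActiveDirectory module; the search base is the masked DN from the thread and the review CSV path is hypothetical.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholders: the DN is masked in the thread; adjust all four values.
$SearchBase = 'OU=Depts,OU=x,DC=x,DC=x,DC=x,DC=x'
$Weeks      = 8      # same window as "dsquery ... -inactive 8" (weeks)
$LogFile    = 'C:\tools\staleADUser1-N.log'
$ReviewCsv  = 'C:\tools\staleADUser-review.csv'   # hypothetical path

# lastLogonTimestamp is a FILETIME (Int64), so build the cutoff in the same unit.
$cutoff = (Get-Date).AddDays(-7 * $Weeks).ToFileTimeUtc()

# Get-ADUser needs -Filter, -LDAPFilter or -Identity; called bare it prompts for one.
# lastLogonTimestamp is only returned when requested through -Properties.
$query = @{
    SearchBase  = $SearchBase
    SearchScope = 'Subtree'
    Filter      = 'Enabled -eq $true -and lastLogonTimestamp -lt {0}' -f $cutoff
    Properties  = 'lastLogonTimestamp'
}
$stale = @(Get-ADUser @query | Sort-Object SamAccountName)

# Accounts that have never logged on have no lastLogonTimestamp and are not
# matched by the filter above; they need a separate decision.

# Log for the follow-up script: one logon name per line, no quotes, no header.
$stale | Select-Object -ExpandProperty SamAccountName |
    Set-Content -Path $LogFile -Encoding ASCII

# Review file for a human: same accounts with a readable last-logon date.
$stale | Select-Object SamAccountName, DistinguishedName,
    @{ Name = 'LastLogonUtc'
       Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
    Export-Csv -Path $ReviewCsv -NoTypeInformation

'{0} stale accounts written to {1}' -f $stale.Count, $LogFile
```

lastLogonTimestamp is replicated lazily (by default it is only rewritten once the stored value is roughly 9 to 14 days old), so treat the result as approximate and check the review file before a follow-up script moves or disables anything.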