Re: last login for only members of a group...
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 Oct 2007 09:51:32 -0500
Randy,
The script uses a filter to retrieve information on all users in the domain.
You can revise this filter to only consider users that are members of a
group. You must specify the full Distinguished Name of the group. The first
ADO query retrieves all DCs, so the filter to change is in the second ADO
query, the one that is repeated once for each DC. The existing LDAP syntax filter is:
strFilter = "(&(objectCategory=person)(objectClass=user))"
Replace this with a statement similar to (watch line wrapping, this is one
line):
strFilter = "(&(objectCategory=person)(objectClass=user)(memberOf=cn=MyGroup,ou=West,dc=MyDomain,dc=com))"
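where "cn=MyGroup,ou=West,dc=MyDomain,dc=com" is the Distinguished Name of
the group. Only users that are direct members of the specified group will be
retrieved. Users who belong only through a nested group, or who have the
group set as their primary group, are not matched by memberOf, so check for
those separately before relying on the result for a compliance report.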
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Randy" <randy.steinberg@xxxxxxxxx> wrote in message
news:1192631557.162841.267180@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
i was asked by our audit compliance team to make sure that all of our
contractors' domain accounts get disabled after 15 days of
inactivity. they were initially in a sub-ou in active directory until
i created a security group for them (which i've found makes for easier
scripting). i'm fairly new to scripting, but i've managed to get a
list of the users in the contractors group, and get the last logon
date for all users in the domain. i can't seem to narrow the search
to just members of the contractors group, though. script that follows
lists all users in the domain that have a last logon date of over 15
days. any ideas? thanks in advance.
Option Explicit

' Directory binding and ADO query objects.
Dim objRootDSE, objConnection, objCommand, objRecordSet, objDC
' Naming contexts and the pieces of each ADO query string.
Dim strConfig, strDNSDomain, strBase, strFilter, strAttributes, strQuery
' Time zone bias read from the registry.
Dim objShell, lngBiasKey, lngBias
' Per-user values read from each record.
Dim strDN, strgivenName, strSN, strUser, lngDate, objDate, lngHigh, lngLow, dtmDate
' Loop counters, the list of Domain Controllers and the result dictionary.
Dim k, arrInt, arrstrDCs(), objList
' Dynamic arrays holding the attributes collected for each user.
Dim arrUserSN(), arrUsergivenName(), arrDN(), arrdtmDate()
' Excel output.
Dim objExcel, strExcelPath, Row, objRange, objRange2, objRange3

' Dictionary keyed by user Distinguished Name; the value is the latest
' lastLogon seen for that user. Keys are compared without regard to case.
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare
' Read the active time zone bias of the local machine from the registry.
' The value is later subtracted from the lastLogon value (converted to
' minutes) to express it in local time.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")

' RegRead may return the value as a Long or as an array of bytes,
' least significant byte first; handle both forms.
Select Case UCase(TypeName(lngBiasKey))
    Case "LONG"
        lngBias = lngBiasKey
    Case "VARIANT()"
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
End Select
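' Determine the configuration context and the default naming context of the
' domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search the configuration container for objects of class
' nTDSDSA. This identifies the Domain Controllers.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

strBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

' Walk the nTDSDSA objects; the parent of each one is the server object that
' carries the DNS host name. Save the host names in dynamic array arrstrDCs.
k = 0
Do Until objRecordSet.EOF
    Set objDC = GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
    ' Keep only DCs whose host name starts with a two-character prefix
    ' strictly between "L0" and "L7".
    ' NOTE(review): this looks like a site naming convention. lastLogon is
    ' not replicated, so a logon recorded only on an excluded DC is never
    ' seen and the account will look inactive - confirm that every DC that
    ' can authenticate these users passes this test.
    If Left(objDC.DNSHostName, 2) > "L0" And Left(objDC.DNSHostName, 2) < "L7" Then
        ' Grow the array only for a DC that is kept, so it never ends with
        ' an empty slot that would later be queried as a blank server name.
        ReDim Preserve arrstrDCs(k)
        arrstrDCs(k) = objDC.DNSHostName
        k = k + 1
    End If
    objRecordSet.MoveNext
Loop

' Stop here if nothing matched: a report built from zero Domain Controllers
' would show no logon data for any account.
If k = 0 Then
    Wscript.Echo "No Domain Controllers matched the host name filter."
    Wscript.Quit 1
End If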
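' Retrieve the lastLogon attribute for each user from each Domain Controller.
' lastLogon is not replicated between Domain Controllers, so every DC in
' arrstrDCs is queried and the newest value seen is kept per user.
' NOTE(review): a DC that is skipped (unreachable below, or excluded by the
' host name test when arrstrDCs was built) may hold the most recent logon for
' some accounts; those accounts will look more inactive than they are.
' Confirm the DC list is complete before disabling accounts from this report.

' Names are kept in dictionaries keyed by Distinguished Name, the same key
' as objList, so each output row pairs a user with that user's own names.
Dim objGivenNames, objSurnames, lngSkippedDCs
Set objGivenNames = CreateObject("Scripting.Dictionary")
objGivenNames.CompareMode = vbTextCompare
Set objSurnames = CreateObject("Scripting.Dictionary")
objSurnames.CompareMode = vbTextCompare
lngSkippedDCs = 0

For k = 0 To UBound(arrstrDCs)
    strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
    ' To restrict the search to one group, add a (memberOf=<group DN>)
    ' clause to this filter; it matches direct members only.
    strFilter = "(&(objectCategory=person)(objectClass=user))"
    strAttributes = "distinguishedName,lastLogon,givenName,SN"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objCommand.CommandText = strQuery

    ' Trap errors only around the query itself, then restore normal error
    ' handling so later failures are not silently ignored.
    On Error Resume Next
    Set objRecordSet = objCommand.Execute
    If Err.Number <> 0 Then
        On Error GoTo 0
        Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
        lngSkippedDCs = lngSkippedDCs + 1
    Else
        On Error GoTo 0
        Do Until objRecordSet.EOF
            strDN = objRecordSet.Fields("distinguishedName")
            ' Keep only accounts whose DN starts in the range "CN=L0".."CN=L6".
            ' NOTE(review): looks like a site naming convention - confirm.
            If Left(strDN, 5) >= "CN=L0" And Left(strDN, 5) <= "CN=L6" Then
                strgivenName = objRecordSet.Fields("givenName")
                strSN = objRecordSet.Fields("SN")
                ' Attributes that are not set come back as Null.
                If IsNull(strgivenName) Then strgivenName = ""
                If IsNull(strSN) Then strSN = ""

                ' lastLogon is a 64-bit value exposed as an object with
                ' HighPart and LowPart. If it cannot be bound as an object
                ' the user is treated as never having logged on.
                lngDate = objRecordSet.Fields("lastLogon")
                On Error Resume Next
                Set objDate = lngDate
                If Err.Number <> 0 Then
                    On Error GoTo 0
                    dtmDate = #1/1/1601#
                Else
                    On Error GoTo 0
                    lngHigh = objDate.HighPart
                    lngLow = objDate.LowPart
                    ' LowPart is signed; compensate when it reads as negative.
                    If lngLow < 0 Then
                        lngHigh = lngHigh + 1
                    End If
                    If (lngHigh = 0) And (lngLow = 0) Then
                        dtmDate = #1/1/1601#
                    Else
                        ' 100-nanosecond intervals since 1/1/1601 -> minutes,
                        ' adjusted by the local bias, -> days.
                        dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                            + lngLow) / 600000000 - lngBias) / 1440
                    End If
                End If

                ' Keep the newest lastLogon seen for this user on any DC.
                If objList.Exists(strDN) Then
                    If dtmDate > objList(strDN) Then
                        objList(strDN) = dtmDate
                    End If
                Else
                    objList.Add strDN, dtmDate
                    objGivenNames.Add strDN, strgivenName
                    objSurnames.Add strDN, strSN
                End If
            End If
            objRecordSet.MoveNext
        Loop
    End If
Next

If lngSkippedDCs > 0 Then
    Wscript.Echo "Warning: " & lngSkippedDCs & " Domain Controller(s) could" _
        & " not be queried; some accounts may appear inactive when they are not."
End If

' Create a new workbook; from here on objExcel refers to its first worksheet.
Set objExcel = CreateObject("Excel.Application")
objExcel.Workbooks.Add
objExcel.Visible = True
Set objExcel = objExcel.ActiveWorkbook.Worksheets(1)
Row = 2

objExcel.Columns(1).ColumnWidth = 75
objExcel.Columns(2).ColumnWidth = 25
objExcel.Columns(3).ColumnWidth = 25
objExcel.Columns(4).ColumnWidth = 20
objExcel.Cells(1,1).Font.Bold = True
objExcel.Cells(1,2).Font.Bold = True
objExcel.Cells(1,3).Font.Bold = True
objExcel.Cells(1,4).Font.Bold = True
objExcel.Cells(1,1).Value = "User Login ID"
objExcel.Cells(1,2).Value = "First Name"
objExcel.Cells(1,3).Value = "Last Name"
objExcel.Cells(1,4).Value = "Last Logon Time"

' Output each user whose latest lastLogon is 15 or more days old.
For Each strUser In objList
    If Date - objList(strUser) >= 15 Then
        objExcel.Cells(Row,1).Value = strUser
        objExcel.Cells(Row,2).Value = objGivenNames(strUser)
        objExcel.Cells(Row,3).Value = objSurnames(strUser)
        ' 1/1/1601 is the placeholder stored when no logon was recorded.
        If objList(strUser) > #1/1/1601# Then
            objExcel.Cells(Row,4).Value = objList(strUser)
        Else
            objExcel.Cells(Row,4).Value = "Never"
        End If
        Row = Row + 1
    End If
Next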
' Excel constants, spelled out because a script has no reference to the
' Excel type library.
Const xlCellTypeLastCell = 11
Const xlYes = 1

' Sort the sheet on column D (Last Logon Time), treating row 1 as a header.
Set objRange3 = objExcel.Range("A1")
Set objRange2 = objExcel.Range("D1")
Set objRange = objExcel.Range("A1").SpecialCells(xlCellTypeLastCell)
objRange.Sort objRange2,,,,,,,xlYes

Wscript.Echo "Done"

' Close the ADO connection and release the object references.
objConnection.Close
Set objShell = Nothing
Set objList = Nothing
Set objDate = Nothing
Set objDC = Nothing
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRootDSE = Nothing
.