Re: garbage computer accounts
From: Robert Cohen (dont_at_want.spam.com)
Date: 03/30/04
- Next message: Tommy Doan: "FileSystemObject OpenTextFile method to prepend?"
- Previous message: Richard Mueller [MVP]: "Re: garbage computer accounts"
- In reply to: Richard Mueller [MVP]: "Re: garbage computer accounts"
- Next in thread: Dr John Stockton: "Re: garbage computer accounts"
- Reply: Dr John Stockton: "Re: garbage computer accounts"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Mar 2004 12:15:10 -0500
that is why I use this great script. It can be modified to output any user
who has not logged in for x number of days. But I am sure you have seen
this script before Richard :-):
' LastLogon.vbs
' VBScript program to determine when each user in the domain last logged
' on.
'
' ----------------------------------------------------------------------
' Copyright (c) 2002 Richard L. Mueller
' Version 1.0 - December 7, 2002
' Version 1.1 - January 17, 2003 - Account for null value for LastLogon.
' Version 1.2 - January 23, 2003 - Account for DC not available.
' Version 1.3 - February 3, 2003 - Retrieve users but not contacts.
' Version 1.4 - February 19, 2003 - Standardize Hungarian notation.
' Version 1.5 - March 11, 2003 - Remove SearchScope property.
'
' Because the LastLogon attribute is not replicated, every Domain
' Controller in the domain must be queried to find the latest LastLogon
' date for each user. The lastest date found is kept in a dictionary
' object. The program first uses ADO to search the domain for all Domain
' Controllers. The AdsPath of each Domain Controller is saved in an
' array. Then, for each Domain Controller, ADO is used to search the
' copy of Active Directory on that Domain Controller for all user
' objects and return the LastLogon attribute. The LastLogon attribute is
' a 64-bit number representing the number of 100 nanosecond intervals
' since 12:00 am January 1, 1601. This value is converted to a date. The
' last logon date is in UTC (Coordinated Univeral Time). It must be
' adjusted by the Time Zone bias in the machine registry to convert to
' local time.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
Option Explicit
Dim objRootDSE, strConfig, objConnection, objCommand, strQuery
Dim objRecordSet, objDC
Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
Dim strDN, dtmDate, objDate, lngDate, objList, strUser
Dim strBase, strFilter, strAttributes
' Use a dictionary object to track latest LastLogon for each user.
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare
' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
lngBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
' Determine configuration context and DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("ConfigurationNamingContext")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Use ADO to search Active Directory for ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strConfig & ">"
strFilter = "(ObjectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
' Enumerate parent objects of class nTDSDSA. Save Domain Controller
' AdsPaths in dynamic array arrstrDCs.
k = 0
Do Until objRecordSet.EOF
Set objDC = _
GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
ReDim Preserve arrstrDCs(k)
arrstrDCs(k) = objDC.DNSHostName
k = k + 1
objRecordSet.MoveNext
Loop
' Retrieve LastLogon attribute for each user on each Domain Controller.
For k = 0 To Ubound(arrstrDCs)
strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(&(ObjectCategory=person)(ObjectClass=user))"
strAttributes = "DistinguishedName,LastLogon"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
objCommand.CommandText = strQuery
On Error Resume Next
Err.Clear
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
Err.Clear
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("DistinguishedName")
lngDate = objRecordSet.Fields("LastLogon")
On Error Resume Next
Err.Clear
Set objDate = lngDate
If Err.Number <> 0 Then
Err.Clear
dtmDate = #1/1/1601#
Else
If (objDate.HighPart = 0) And (objDate.LowPart = 0 ) Then
dtmDate = #1/1/1601#
Else
dtmDate = #1/1/1601# + (((objDate.HighPart * (2 ^ 32)) _
+ objDate.LowPart)/600000000 - lngBias)/1440
End If
End If
On Error GoTo 0
If objList.Exists(strDN) Then
If dtmDate > objList(strDN) Then
objList(strDN) = dtmDate
End If
Else
objList.Add strDN, dtmDate
End If
objRecordSet.MoveNext
Loop
End If
Next
' Output latest LastLogon date for each user.
For Each strUser In objList
Wscript.Echo strUser & " ; " & objList(strUser)
Next
' Clean up.
Set objRootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set objDC = Nothing
Set objDate = Nothing
Set objList = Nothing
Set objShell = Nothing
-- Robert Cohen A legend in his own mind -- "Richard Mueller [MVP]" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in message news:OZfHlMnFEHA.580@TK2MSFTNGP11.phx.gbl... > Hi, > > LastLogonTimestamp is new to Windows Server 2003. A great improvement, but > the attribute is not available in W2k. > > -- > Richard > Microsoft MVP Scripting and ADSI > HilltopLab web site - http://www.rlmueller.net > -- > "Stivie S." <stefan.suesser@computacenter.com> wrote in message > news:F51DFF1A-E2E1-4731-A1CA-C8C099C5FC3F@microsoft.com... > > Hi Emre, > > > > here is a script example that uses the "LastLogonTimestamp" of a computer > object to enumerate the last logon of this object. You could also use the > "LastLogon" property, but this does not get replicated to every DC, so you > have to query every DC in your domain to find the newest logon time for a > particular computer object. My sample script retrieves the distinguished > name of the local computer, but of course you can modify the code to use any > distinguished name you want. > > > > Set objADInfo = CreateObject("ADSystemInfo") > > strComputer = objADInfo.ComputerName > > > > set objUser = GetObject("LDAP://" & strComputer) > > set objLogon = objUser.Get("lastLogonTimestamp") > > intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart > > intLogonTime = intLogonTime / (60 * 10000000) > > intLogonTime = intLogonTime / 1440 > > dtLogonTime = intLogonTime + #1/1/1601# > > WScript.Echo "Approx last logon timestamp: " & DateValue(dtLogonTime) & " > at " & TimeValue(dtLogonTime) > > > > dtDiffDays = DateDiff("d",dtLogonTime,Now) > > IF dtDiffDays => 7 THEN > > dtDiffWeeks = ABS(dtDiffDays / 7) > > END IF > > > > Wscript.Echo "Last logon occurred " & dtDiffDays & " days ago" > >
- Next message: Tommy Doan: "FileSystemObject OpenTextFile method to prepend?"
- Previous message: Richard Mueller [MVP]: "Re: garbage computer accounts"
- In reply to: Richard Mueller [MVP]: "Re: garbage computer accounts"
- Next in thread: Dr John Stockton: "Re: garbage computer accounts"
- Reply: Dr John Stockton: "Re: garbage computer accounts"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
