Re: Any way to tell if a user hasn't logged in for a set period of time?
From: Herb Martin (news_at_LearnQuick.com)
Date: 02/09/05
- Next message: Frank: "Viewing Dropped Packets In Network Monitor"
- Previous message: Jetro: "Re: How to Find MAC addr"
- In reply to: Steven L Umbach: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Next in thread: Jacki Slough: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Reply: Jacki Slough: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Feb 2005 18:24:34 -0600
Well a simple Perl script could drop all users that don't
appear in both files (2 at a time) then run the results
against the next DC until you either run out of users or
get to the last DC.
(Or course such could be automated to read all N files
at once but the code for two files is trivial.)
-- Herb Martin "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:eN9H#IiDFHA.3452@TK2MSFTNGP09.phx.gbl... > Herb is right [as usual]. If you have a Windows XP Pro computer in the > domain you can install the adminpak for Windows 2003 [download from MS] on > it and logon as a domain admin, so make sure the computer is secure, and use > the Active Directory command line tools to query for accounts that have not > logged on in a certain number of weeks. You will have to do such on each > domain controller with the /s switch to get a list of suspects. The problem > is that a user who has not logged on via a particular domain controller for > a long time may simply be using a different domain controller. So after you > get your list of suspects, you will need to run [ net user username ] on > each domain controller to see the last time the user logged on and if it > shows to be a long time on all domain controllers it is probably safe to > suspect that these users may no longer be there but you want to check with > personnel just in case they are on disability, military leave, or pregnancy > leave for instance. > > You should really should raise hell with the powers that be about the lack > of communication however. There may be better solutions if you check with > the scripting newsgroup or visit the Microsoft Scripting center. --- Steve > > http://www.jsiinc.com/SUBO/tip7300/rh7330.htm -- dsquery. > http://www.microsoft.com/technet/scriptcenter/scripts/ad/default.mspx > > "Herb Martin" <news@LearnQuick.com> wrote in message > news:u0C3ESgDFHA.392@TK2MSFTNGP14.phx.gbl... > > Apparently there was a Bug in Win2000 AD where the last > > logon time was never updated. > > > > You need Win2003 AD (and an advanced mode) for this > > I believe. > > > > -- > > Herb Martin > > > > > > "Jacki Slough" <jslough@dortfcu.org> wrote in message > > news:#ZvD0tfDFHA.1932@TK2MSFTNGP14.phx.gbl... > >> Using Windows 2000 servers. We are having trouble in that we are not > > being > >> notified when staff quit or leave for other reasons. We would like to > >> remove their account from the network immediately. Is there a script > >> that > >> will tell us if a user hasn't logged in within a certain time frame? Or > > is > >> there a way to disable an account if it hasn't been used in so many days? > >> Any other ideas are appreciated! > >> > >> > > > > > >
- Next message: Frank: "Viewing Dropped Packets In Network Monitor"
- Previous message: Jetro: "Re: How to Find MAC addr"
- In reply to: Steven L Umbach: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Next in thread: Jacki Slough: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Reply: Jacki Slough: "Re: Any way to tell if a user hasn't logged in for a set period of time?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
