Re: User account properties - last modified

---

• From: "Richard Mueller [MVP]" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 20 Jul 2005 16:38:22 -0500

---

"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:ucAC2aWjFHA.3656@xxxxxxxxxxxxxxxxxxxxxxx
> The behaviour you are seeing is probably because whenChanged isn't
> replicated. So you will probably need to go off to each DC like you did
> with the lastLogon script you referred to.
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> http://www.msresource.net | http://forums.msresource.net
>
>
Hi,

A quick modification of my LastLogon.vbs to retrieve WhenChanged instead.
The largest (latest) value is retained in a dictionary object and output at
the end. The program can be run at a command prompt and the output
redirected to a text file:

Option Explicit
Dim objRootDSE, strConfig, objConnection, objCommand, strQuery
Dim objRecordSet, objDC
Dim strDNSDomain, k, arrstrDCs()
Dim strDN, dtmDate, objList, strUser
Dim strBase, strFilter, strAttributes

' Use a dictionary object to track latest whenChanged for each user.
Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompare

' Determine configuration context and DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE";)
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory for ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

strBase = "<LDAP://"; & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

' Enumerate parent objects of class nTDSDSA. Save Domain Controller
' AdsPaths in dynamic array arrstrDCs.
k = 0
Do Until objRecordSet.EOF
Set objDC = _
GetObject(GetObject(objRecordSet.Fields("AdsPath")).Parent)
ReDim Preserve arrstrDCs(k)
arrstrDCs(k) = objDC.DNSHostName
k = k + 1
objRecordSet.MoveNext
Loop

' Retrieve whenChanged attribute for each user on each Domain Controller.
For k = 0 To Ubound(arrstrDCs)
strBase = "<LDAP://"; & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName,whenChanged"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
objCommand.CommandText = strQuery
On Error Resume Next
Err.Clear
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
Err.Clear
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
dtmDate = objRecordSet.Fields("whenChanged")
If objList.Exists(strDN) Then
If dtmDate > objList(strDN) Then
objList(strDN) = dtmDate
End If
Else
objList.Add strDN, dtmDate
End If
objRecordSet.MoveNext
Loop
End If
Next

' Output latest whenChanged date for each user.
For Each strUser In objList
Wscript.Echo strUser & " ; " & objList(strUser)
Next

' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set objDC = Nothing
Set objList = Nothing

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--



.

---

• References:
  • User account properties - last modified
    • From: Keith
  • Re: User account properties - last modified
    • From: Al Mulnick
  • Re: User account properties - last modified
    • From: Paul Williams [MVP]

• Prev by Date: Re: sp1 hangs on install
• Next by Date: Re: sIDHistory
• Previous by thread: Re: User account properties - last modified
• Next by thread: Re: User account properties - last modified
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Retrieving users email address ... To read a multi-valued attribute, you can loop through the collection ... > Dim objRootDSE, strDNSDomain, objConnection, strQuery ... > Set objConnection = CreateObject ... > Set objRecordSet = objConnection.Execute ... (microsoft.public.inetserver.asp.general) Re: Remove gPLink from OU ... The unwanted policy is deleted (as ... Dim strPolicy, strPolicySID, strGPLink, strTemp ... Set objConnection = CreateObject ... Set objRecordSet = Nothing ... (microsoft.public.windows.server.scripting) Re: Enumerate Empty Global Groups ... > where the member attribute is empty. ... > Dim strBase, strFilter, strAttributes, strQuery, objRecordSet ... > Set objRecordSet = objCommand.Execute ... Dim strNTName, lngPriGrpToken, arrstrGroups, k ... (microsoft.public.windows.server.scripting) Re: last login script ... Without actually reading your adaptation of the script, ... a domain controller other than what one would expect. ... > Dim objRootDSE, strConfig, objConnection, objCommand, strQuery ... > On Error GoTo 0 ... (microsoft.public.scripting.vbscript) Re: Last Login Time - question about Script I have ... ' Controller in the domain must be queried to find the latest LastLogon ... Then, for each Domain Controller, ADO is used to search the ... Dim objRootDSE, strConfig, objConnection, objCommand, strQuery ... Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs ... (microsoft.public.scripting.wsh)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2005-07