Re: AD HOUSEKEEPING

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

You can try DSQUERY to find all inactive accounts in particular
container.....

DSQUERY user CN=Users,DC=microsoft,DC=com -inactive 4 -limit 1000

Above query will list all users who didn't login to domain for the past one
month.

This will be more helpful for u. Let me know if you require any further help.

Mallika.

"ChristopherN" wrote:

Many thanks Paul, we'll give it a try!!

"Paul Bergson" wrote:

I have a script for users, you can download it at:
http://www.pbbergs.com select download and click on "Active Directory User
Account Attributes" WMI needs to be loaded on the machine running this
applicaion.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"ChristopherN" <ChristopherN@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:621B4B28-6948-44FB-8439-B2799804FCAF@xxxxxxxxxxxxxxxx
Our domain functional level is currently at Windows 2000 mixed mode. We
are
going through a technical refresh and are upgrading all our servers to
Windows 2003, when the DCs have been upgraded we will move to Server 2003
mode. In the meantime we are trying to do some long overdue housekeeping
and
want to get rid of all inactive user accounts and computer accounts.

There is plenty advice on how to accomplish this in Server 2003 mode using
dsquery etc but we are stuck with Windows 2000 DCs at the moment. Does
anyone know of a script or a tool that we can run against our AD that will
produce a report of when user accounts and computer accounts last logged
on
or were used.

We have tried to use the free utility oldcmp without success. Any advice
or
leads would be really, really appreciated.

Many thanks - Chris



.

Relevant Pages

  • Re: Group password reset
    ... You can use dsquery to pipe the results to dsmod. ... best to try out on a couple test accounts first. ...
    (microsoft.public.security)
  • Re: Query to extract only those group members with enabled accounts
    ... include those with enabled accounts (i.e. anyone whose account is not ... I thought that my logic was sound - using dsquery to find non-disabled ... a dsget example from the online help, ... Any suggested improvements? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Technical Q: Is there a CMD for DSQuery user -lockedout?
    ... some of the command line features more to learn them. ... can quickly get a list of accounts that are disabled via the dsquery ... There is no dsquery user switch for what you want. ... I even made a mmc with all the dc event logs on it but it still ...
    (microsoft.public.cert.exam.mcse)
  • Re: Saved Querys Windows 2003
    ... lastlogonTimestamp is the user object attribute that will give you this but ... you can also dsquery. ... This next command will search for and disable any accounts not used for 4 ...
    (microsoft.public.win2000.active_directory)
  • Sending email to mydomain.com
    ... They do not offer an smtp server, ... different from the user account names for the exchange ... I added one user account in the POP3 Mailbox Accounts ...
    (microsoft.public.windows.server.sbs)