RE: How to generate a report of inactive domain user accounts
From: Amarante, Rodrigo P. (RPAmarante directvla.com)
Date: Fri Apr 11 2003 - 16:00:27 CDT
Brian,
Each time a Domain Controller authenticates a user, it records that time
(in a funky format) in the lastLogon attribute of that user's object in
Active Directory. The problem is that each domain controller has its
own values for that attribute. So, if joe user got authenticated by
Domain Controller A on 04/09/2003 at 10:10AM and next day he gets
authenticated by Domain Controller B at 09:00AM. The user's real last
logon was 04/10/2003 at 09:00AM, but if you only query Domain Controller
A it will show up as being 04/09/2003 at 10:10AM.

So in order for you to get an accurate last logon, you must query all
Domain Controllers for the domain and then compare the values of the
lastLogon attribute. The value is stored as an INTEGER8, so in order
for you to get the high part and the low part to get it to work...

I wrote a tool using the .NET framework that gives you the "real"
lastlogon attribute of a given user or of all users in the domain. The
only "complicated" thing is to convert the value to an actual human
readable time format...
-----Original Message-----
From: Brian E [mailto:brian_anon hotmail.com]
Sent: Friday, April 11, 2003 7:56 AM
To: focus-ms securityfocus.com
Can anyone provide some suggestions or list of tools available to generate
a report of inactive domain user accounts within an OU?

We're using Active Directory with Windows 2000 and have OUs defined for
different groups of users. I'd like to generate the report by OU.

We also have multiple domain controllers (I've had issues with "last true
logon" in the past). I would like a list of users who have not logged in
within X days (preferably 90 days, but I'd like to modify this threshold).

Criteria for an inactive account:
- Not logged on for X days (X will be provided at time of generating the report)
- Not disabled
- Password is set to expire

Regards,
Brian
brian_anon hotmail.com
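
The per-DC comparison from the reply, applied to the three criteria in the original question, as an added example that is not part of the thread and is not the .NET tool mentioned above. The DC names, user records and the `uac`/`name` keys are constructed for illustration, and treating a never-logged-on account as inactive is an assumption; the `userAccountControl` bit values and the 1601 FILETIME epoch are the standard Active Directory ones.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
UF_ACCOUNTDISABLE = 0x0002       # userAccountControl: account is disabled
UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl: password never expires

def integer8_to_datetime(high, low):
    """Join Integer8 HighPart/LowPart (100 ns ticks since 1601) into UTC time."""
    ticks = (high << 32) | (low & 0xFFFFFFFF)  # LowPart can arrive signed
    return EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def to_integer8(dt):
    """Inverse helper, used here only to build the constructed sample data."""
    ticks = (dt - EPOCH) // timedelta(microseconds=1) * 10
    return ticks >> 32, ticks & 0xFFFFFFFF

def true_last_logon(per_dc):
    """Newest lastLogon over every DC; per_dc maps DC name -> (high, low)."""
    seen = [integer8_to_datetime(h, l) for h, l in per_dc.values()]
    return max((t for t in seen if t), default=None)

def inactive_accounts(users, days, now):
    """Enabled, password-expiring accounts with no logon in the last `days`."""
    cutoff = now - timedelta(days=days)
    report = []
    for u in users:
        if u["uac"] & (UF_ACCOUNTDISABLE | UF_DONT_EXPIRE_PASSWD):
            continue  # disabled, or password not set to expire
        last = true_last_logon(u["lastLogon"])
        if last is None or last < cutoff:  # assumption: never logged on = inactive
            report.append((u["name"], last))
    return report

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

NEVER = (0, 0)  # lastLogon of 0: this DC has never authenticated the user
USERS = [  # constructed sample; in practice each value is read from one DC
    {"name": "joe", "uac": 0x200, "lastLogon": {
        "DC-A": to_integer8(utc(2003, 4, 9, 10, 10)),
        "DC-B": to_integer8(utc(2003, 4, 10, 9, 0))}},
    {"name": "stale", "uac": 0x200, "lastLogon": {
        "DC-A": to_integer8(utc(2002, 12, 1, 8, 0)), "DC-B": NEVER}},
    {"name": "svc", "uac": 0x10200, "lastLogon": {"DC-A": NEVER, "DC-B": NEVER}},
    {"name": "gone", "uac": 0x202, "lastLogon": {"DC-A": NEVER, "DC-B": NEVER}},
]

if __name__ == "__main__":
    for name, last in inactive_accounts(USERS, 90, utc(2003, 4, 11)):
        print(name, last or "never")
```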