|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: How to generate a report of inactive domain user accounts
From: Tiago Halm (thalm
netcabo.pt)
Date: Fri Apr 11 2003 - 18:11:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Some time ago, I wrote a vbs script that did exactly that.
It generates a tab-separated values file format which you can then bcp in
into your sql server or parse it any way you want.
It outputs AdsClass (computer or user), sAMAccountName (Account Name), cn
(Common Name) and Date of last login.
The date of last login is the most recent one found in all domain
controllers provided to the script.
Here goes,
------------------ start -----------------------
Option Explicit
Sub RecurseLDAP(ByVal p_sAdsPath, ByVal p_sDCName)
Dim oOBJ, oSHM, oCHD, oValue
Set oOBJ = GetObject(p_sAdsPath)
Set oSHM = GetObject(oOBJ.Schema)
Call oOBJ.GetInfo
On Error Resume Next
oValue = oOBJ.LastLogin
If Err.Number = 0 Then
Dim dCurrDate, dOldDate
dCurrDate = DateValue(oValue)
dCurrDate = CDate(Year(dCurrDate) & "-" & Month(dCurrDate) &
"-" & Day(dCurrDate) & " " & TimeValue(oValue))
If oDict.Exists(oOBJ.sAMAccountName) Then
dOldDate = oDict.Item(oOBJ.sAMAccountName)(2)
If DateDiff("s", dCurrDate, dtNow) < DateDiff("s",
dOldDate, dtNow) Then
oDict.Item(oOBJ.sAMAccountName) =
Array(oOBJ.Class, oOBJ.cn, dCurrDate)
End If
Else
Call oDict.Add(oOBJ.sAMAccountName,
Array(oOBJ.Class, oOBJ.cn, dCurrDate))
End If
Else
Call Err.Clear
End If
On Error Goto 0
If oSHM.Container Then
For Each oCHD In oOBJ
Call RecurseLDAP(oCHD.AdsPath, p_sDCName)
Next
End If
End Sub
Sub FormatDict(ByVal p_sFile)
Dim oFSO, oTS, dDate
Dim arrKeys, nIndex, sYear
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.CreateTextFile(p_sFile, True, True)
Call oTS.WriteLine("Class" & vbTab & "Acount" & vbTab & "cn" & vbTab
& "Date/Time")
arrKeys = oDict.Keys
For nIndex = 0 To oDict.Count - 1
dDate = DateValue(oDict.Item(arrKeys(nIndex))(2))
sYear = Year(dDate)
If CLng(sYear) < 1970 Then sYear = "1970"
Call oTS.WriteLine(oDict.Item(arrKeys(nIndex))(0) & vbTab &
arrKeys(nIndex) & vbTab & oDict.Item(arrKeys(nIndex))(1) & vbTab & sYear &
"-" & Month(dDate) & "-" & Day(dDate) & " " &
TimeValue(oDict.Item(arrKeys(nIndex))(2)))
Next
Call oTS.Close
End Sub
If WScript.Arguments.Count < 3 Then
WScript.Echo "Usage: ChechLogin.vbs <file> <site> <dc1> [<dcn>]"
WScript.Echo
WScript.Echo "<file>" & vbTab & "output filename"
WScript.Echo "<site>" & vbTab & "AD site name (ex:
dc=MySite,dc=MyCompany,dc=com)"
WScript.Echo "<dc1>" & vbTab & "domain controller name"
WScript.Echo "<dcn>" & vbTab & "other domain controllers name"
WScript.Echo
WScript.Echo "Examples"
WScript.Echo "--------"
WScript.Echo "CheckLogin.vbs c:\myfile.txt
dc=MySite,dc=MyCompany,dc=com MyDC1"
WScript.Echo "CheckLogin.vbs c:\myfile.txt
dc=MySite,dc=MyCompany,dc=com MyDC1 MyDC2 MyDC3"
WScript.Quit
End If
Dim dtNow, oDict, sFile, sSite, nDCIndex, sDCName
dtNow = Now
Set oDict = CreateObject("Scripting.Dictionary")
sFile = WScript.Arguments(0)
sSite = WScript.Arguments(1)
For nDCIndex = 2 To WScript.Arguments.Count - 1
sDCName = WScript.Arguments(nDCIndex)
Call RecurseLDAP("LDAP://" & sDCName & "/" & sSite, sDCName)
Next
Call FormatDict(sFile)
------------------ end -----------------------
Hope it helps,
Tiago Halm
----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]