Answered Script

  • Friday, May 11, 2012 20:26
     
     
    Is there a script that can be used for AD that will allow me to find old accounts that haven't been logged in to for a while, so I can make sure the accounts are disabled?

All Replies

  • Saturday, May 12, 2012 04:04
     
     Answered

    Hi,

    This forum is for Exchange questions, so I would recommend that you ask in the Directory Services or Windows PowerShell Forum.

    With that said, if you have "Active Directory Module for Windows PowerShell" installed, a good starting point would be to use the cmdlet Search-ADAccount.


    Martina Miskovic

  • Saturday, May 12, 2012 18:56
     
     

    Multiple methods but Richard Mueller DS MVP has a bunch of good scripts.

    http://www.rlmueller.net/Last%20Logon.htm


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

  • Sunday, May 13, 2012 12:13
     
     

    Is this for user or computer accounts?

    Regardless, the dsquery command will give you a rough idea.

    The commands below will show, respectively, user and computer accounts that have not logged on for 12 weeks:

    dsquery user domainroot -inactive 12

    dsquery computer domainroot -inactive 12

    What is your domain functional level?

    dsquery uses the LastLogonTimeStamp attribute which IS replicated to all domain controllers (as opposed to the LastLogon attribute).

    But that attribute is only used in W2K3 DFL (and above presumably).

    A word of caution: the attribute in question replicates weekly so it can be "off" by as much as 7 days (according to Joe Richards, I have also seen 14 days).

    So as I said, a rough idea.

     


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Sunday, May 13, 2012 19:46
     
     

    Yes, the -AccountInactive switch:

    Specifies to search for accounts that have not logged in within a given time period or since a specified time. To specify a time period, use the TimeSpan parameter. To specify a specific time, use the DateTime parameter. Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level, so this parameter will only work in that mode.

    The following example shows how to set this parameter to search for accounts that have been inactive for the past 10 days.
    -AccountInactive -TimeSpan 10

    The following example shows how to set this parameter to search for accounts that have been inactive since July 16, 2008 at 12:00 AM.
    -AccountInactive -DateTime "7/16/2008"




    • Edited by Le Pivert Sunday, May 13, 2012 19:48
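
The two replies above note that lastLogonTimestamp is replicated but can lag, while lastLogon is not replicated. The following is an added example (not code from any poster or linked script) that uses the replicated attribute to shortlist enabled users and then confirms each one against lastLogon on every domain controller. It assumes the Active Directory module is installed; the 84-day threshold and all variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: it reports, it does not disable.
Import-Module ActiveDirectory

$InactiveDays = 84                                   # 12 weeks, as in the dsquery example
$Now          = (Get-Date).ToUniversalTime()
$Cutoff       = $Now.AddDays(-$InactiveDays)
$CutoffFt     = $Cutoff.ToFileTimeUtc()              # AD stores logon times as FILETIME

# Pass 1: replicated lastLogonTimestamp, enabled users only.
# Pass 2 can only move a date later, so this is a superset of the final list.
# Accounts that have never logged on have no lastLogonTimestamp and are not matched.
$filter = "(&(lastLogonTimestamp<=$CutoffFt)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$candidates = Get-ADUser -LDAPFilter $filter -Properties lastLogonTimestamp

# Pass 2: lastLogon is not replicated, so ask every DC and keep the newest value.
$dcs = Get-ADDomainController -Filter *
$report = foreach ($user in $candidates) {
    $latest   = [DateTime]::FromFileTimeUtc([Int64]$user.lastLogonTimestamp)
    $verified = $true
    foreach ($dc in $dcs) {
        try {
            $copy = Get-ADUser -Identity $user.DistinguishedName -Server $dc.HostName `
                        -Properties lastLogon -ErrorAction Stop
        } catch {
            $verified = $false                       # DC unreachable: result is incomplete
            continue
        }
        if ($copy.lastLogon -gt 0) {
            $seen = [DateTime]::FromFileTimeUtc([Int64]$copy.lastLogon)
            if ($seen -gt $latest) { $latest = $seen }
        }
    }
    if ($latest -lt $Cutoff) {
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            LastLogonUtc   = $latest
            DaysInactive   = [int][math]::Floor(($Now - $latest).TotalDays)
            AllDCsChecked  = $verified
        }
    }
}
$report | Sort-Object LastLogonUtc | Format-Table -AutoSize
```

Rows with AllDCsChecked set to False should be re-run once the missing domain controller is reachable, since a newer lastLogon may exist there.
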
  • Monday, May 14, 2012 09:10
     
     Proposed Answer

    Here is a finished script you might use

    http://www.ericwoodford.com/powershell-script-2-getting-last-logon-date-exchange-mailboxes

    (oh be sure to disable real users only)
    • Proposed as Answer by PGT2008 Monday, May 14, 2012 09:10
    • Edited by PGT2008 Monday, May 14, 2012 09:12
  • Tuesday, May 15, 2012 02:35
    Moderator
     
     

    Hi Raynard

    Any update on this thread? Did you try the script they provide?

    Cheers


    Zi Feng

    TechNet Community Support