List users with no logon information

  • Question

  • Hello all.

    I'm pleased to finally join. OK, my problem. I've currently got a script that will work out exactly what I want, in that it queries the domain for user accounts that have not logged onto the domain for an extended period of time, which is specified in days. The default value of days is 30. This can be changed within the script. My issue is that if you leave it at 30 days and run it, it will bring back all those accounts that have no login date and all those accounts that have logged on within 30 days. Now in some respect I am happy; however, I now need to tweak it so that it only returns accounts that have no login information and excludes those that do, regardless of timeframe.

    The source code can be found here: http://examples.oreilly.de/english_examples/9780735625044/cd_contents/Management%2520Scripts/WS08SecurityResKit/LocateOldUsersNotLogOn.ps1

    At the moment I'm running it against a single OU as we have over 4,500+ users. The OU has 2 accounts, one that I've just created and therefore never logged on and another account that I've used for testing before, which does have a login date.

    To confirm, I'm running a second script that runs the above and specifies the parameters, i.e. the OU and domain; see below for code.

    chdir "c:\scripts"
    .\LocateOldUsersNotLogOn.ps1 -domain "ou=TEST,dc=company,dc=co,dc=uk" -all

    Any ideas?

    Thanks David.


    • Edited by David Bowles Tuesday, October 25, 2011 2:39 PM clearer description of problem
    Tuesday, October 25, 2011 2:36 PM

Answers

  • The script you are referencing is quite old and perhaps too detailed for what you need. The LDAP query that Richard posted can be used with DirectoryServices.DirectorySearcher to return the results you need:

    # Bind to the root of the current domain
    $domain = [ADSI]""
    $ADSearch = New-Object DirectoryServices.DirectorySearcher($domain)
    # Users whose lastLogon is 0 or not set
    $ADSearch.Filter = "(&(objectCategory=person)(objectClass=user)(|(lastLogon=0)(!lastLogon=*)))"
    $ADSearch.CacheResults = $true
    $ADSearch.SearchScope = "Subtree"
    # Page the results so that more than 1000 objects can be returned
    $ADSearch.PageSize = 1000
    $ADSearch.FindAll() | Select-Object Path

    You can tinker with the results and the query. Have a look at http://technet.microsoft.com/en-us/library/ff730967.aspx if you are interested in learning what everything does.

    Cheers

    Darrell

    Tuesday, October 25, 2011 3:58 PM
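
An added example, not part of any post in this thread: the DirectorySearcher approach from the answer above, bound to the OU from the question and returning account name, creation date and enabled state instead of only the path. Because lastLogon is maintained separately by each domain controller and is not replicated, the filter also requires that the replicated lastLogonTimestamp attribute is unset; the function name Get-NeverLoggedOnUser and its -SearchBase parameter are assumptions made for this example.

```powershell
# Added example (not from the thread). Run it on a domain-joined machine.
function Get-NeverLoggedOnUser {
    param(
        # Distinguished name of the container to search (hypothetical parameter name)
        [Parameter(Mandatory = $true)]
        [string]$SearchBase
    )

    $root = [ADSI]"LDAP://$SearchBase"
    $searcher = New-Object DirectoryServices.DirectorySearcher($root)

    # Same test as the thread's filter, written with the negation fully
    # parenthesised (RFC 4515 form). lastLogon is only updated on the domain
    # controller that handled the logon, so the filter also requires that the
    # replicated lastLogonTimestamp has never been set.
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user)' +
                       '(|(lastLogon=0)(!(lastLogon=*)))' +
                       '(!(lastLogonTimestamp=*)))'
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize = 1000
    $searcher.PropertiesToLoad.AddRange([string[]]@(
        'sAMAccountName', 'distinguishedName', 'whenCreated', 'userAccountControl'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Property names in a SearchResult are lower case
            $uac = [int]$r.Properties['useraccountcontrol'][0]
            New-Object PSObject -Property @{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                WhenCreated       = $r.Properties['whencreated'][0]
                Enabled           = -not ($uac -band 2)   # bit 0x2 = ACCOUNTDISABLE
            }
        }
    }
    finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

# The OU is the one given in the question
Get-NeverLoggedOnUser -SearchBase 'ou=TEST,dc=company,dc=co,dc=uk' |
    Sort-Object WhenCreated |
    Select-Object SamAccountName, Enabled, WhenCreated, DistinguishedName
```

Enabled accounts with an old WhenCreated value and no logon are the ones to review first, since they have been usable for a long time without anyone signing in.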

All replies

  • Users that have never logged on will have lastLogon either missing (Null) or 0. The LDAP syntax query for all such users would be:

     

    (&(objectCategory=person)(objectClass=user)(|(lastLogon=0)(!lastLogon=*)))

    -----

     

    This can be used in any command line utility or script that accepts LDAP syntax queries. Your linked example can be modified to use this.

     


    Richard Mueller - MVP Directory Services
    Tuesday, October 25, 2011 3:01 PM
  • Hi Richard, thanks for that answer. My post for the actual source code (reference to a website), where would I declare the code

    (&(objectCategory=person)(objectClass=user)(|(lastLogon=0)(!lastLogon=*)))
    


    If this would take too long, any pointers would be extremely helpful. I must apologise, I've done little to no scripting with PowerShell before.

    Thanks for your time.

    David.


    David Bowles - iOS Developer - www.davidjamesbowles.wordpress.com
    Tuesday, October 25, 2011 3:15 PM
  • Thanks for that, Darrell and Richard, I'll have a play with this.

    David.


    David Bowles - iOS Developer - www.davidjamesbowles.wordpress.com
    Wednesday, October 26, 2011 7:40 AM