none
Verificar logon com mais de 60 dias e move-lo para uma ou especifica RRS feed

  • Pergunta

  • Pessoal,

    Gostaria que vocês postassem um script que pudesse fazer a listagem de usuários com mais de 30 dias (podendo ser configurado 60 dias ou mais) de inatividade, ou seja, esses logins não são usados a mais de 30 dias, então nesse mesmo script ele me mostraria os usuários e perguntaria se eu queria mover os usuários pra uma OU especifica.
    Grato pela atenção.
    Abaixo segue um script, mais ta dando erro:
    Erro
    Linha 87
    Char: 2
    Error: A referral was returned from the server
    Code: 8007202b

    Segue script.


    'set up some varaibles
    bDisable = 0       'do you want to disable and move the accounts?
    strFileName = "c:\inactive\users.txt"     'the file where the tab delimited results are saved

    strUserDN = "fisdest1.fisepe.pe.gov.br/OU=Ati, dc=fisepe, dc=pe, dc=gov, dc=br"   'initial OU where the users are located
    strNewParentDN = "OU=Inactive Users, dc=fisepe, dc=pe, dc=gov, dc=pe, dc=br"   'location where disabled users are moved to
    strDomain = "fisdest1.fisepe.pe.gov.br"    'FQDN
    iDayThreshold = 180      'number of days without logging in

    strOut = ""       'tmp string
    strOut2 = ""      'another tmp string
    Main()

    Sub Main()
    'get the initial data then ask some questions
     EnumOUs("LDAP://" & strUserDN)

     'yes=6, no=7, cancel=2
     answer = MsgBox(strOut & vbCrLf & "Disable and move these users?", vbYesNoCancel)
     If answer=2 Then
      Exit Sub
     ElseIf answer=6 Then
      bDisable = 1
      EnumOUs("LDAP://" & strUserDN)
     End If

     answer = MsgBox("Save the data to " & strFileName & "?", vbYesNoCancel)

     If answer = 6 Then
      strOut = "username" & vbTab & "Name" & vbTab & "Last Logon" & vbTab & "Days" & vbCrLf & strOut
      strOut2 = "These users have never logged in:" & vbCRLF _
        & "username" & vbTab & "Name" & vbTab & "Creation Date" & vbCRLF & strOut2
      strOut = strOut & vbCRLF & vbCRLF & strOut2
      SaveToFile strOut
     End If
    End Sub

    Function EnumOUs(sADsPath)
    'recursively finds all of the OU's and users in the given AD path

     Set oContainer = GetObject(sADsPath)
     oContainer.Filter = Array("OrganizationalUnit")
     For Each oOU in oContainer
      EnumUsers(oOU.ADsPath)
      EnumOUs(oOU.ADsPath)
     Next
    End Function

    Function EnumUsers(sADsPath)
    'finds all of the users' last login time

     Set oContainer = GetObject(sADsPath)
     oContainer.Filter = Array("User")
     For Each oADobject in oContainer
      Set objLogon = oADobject.Get("lastLogon")
      intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
      intLogonTime = intLogonTime / (60 * 10000000)
      intLogonTime = intLogonTime / 1440
      intLogonTime = intLogonTime + #1/1/1601#
      inactiveDays = Fix(Now() - intLogonTime)

      'adds a list of people who have never logged on.
      If intLogonTime = "1/1/1601" Then strOut2 = strOut2 & oADobject.sAMAccountName & vbTab & oADobject.DisplayName & vbTab & oADobject.whencreated & vbCRLF
     
      'if they are beyond the threshhold, it will add them to the output string
      If inactiveDays > iDayThreshold And intLogonTime <> "1/1/1601" Then
       strOut = strOut & oADobject.sAMAccountName _
        & vbTab & oADobject.displayName _
        & vbTab & intNewTime _
        & vbTab & intLogonTime _
        & vbTab & intMaxTime _
        & vbTab & inactiveDays & vbCRLF

       'if disabling was requested, it will move them to a new folder and disable the account
       If bDisable = 1 Then
        If strNewParentDN <> "" Then MoveUser oADobject.Name, oADobject.ADsPath
        Set objUser = GetObject("WinNT://" & strDomain & "/" & oADobject.sAMAccountName)
        objUser.AccountDisabled = True
        objUser.SetInfo
       End If
      End If
     Next
    End Function

    Sub MoveUser(sName, sPath)
    'moves the user from the given OU to a new OU
     Set objUser = GetObject("LDAP://" & strNewParentDN)
     objUser.MoveHere sPath, sName
    End Sub

    Sub SaveToFile(strData)
    'writes the given data to a text file
     Dim objFSO
     Set objFSO = CreateObject("Scripting.FileSystemObject")
     If objFSO.FileExists(strFileName) Then
      Set objTextStream = objFSO.OpenTextFile(strFileName, 2)
     
      objTextStream.Write strData
      objTextStream.Close
      Set objTextStream = Nothing
     Else
      Set objTextStream = objFSO.CreateTextFile(strFileName, True) 
      objTextStream.Write strData
      objTextStream.Close
      Set objTextStream = Nothing
     End If
    End Sub
    quarta-feira, 5 de março de 2008 18:48

Respostas

  • Fabiano testa esse script aqui, não cheguei a testa-lo, qualquer erro me informe Wink

    PS; recomendo você testar em uma VM antes de botar em produção  e modifique o que está em negrito Wink

     

    Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
    Dim adoRecordset, objDC
    Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
    Dim strDN, dtmDate, objDate, objList, strUser
    Dim strBase, strFilter, strAttributes, lngHigh, lngLow

    datual = now()
    dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
    dexclusao = Cdate(dexclusao) - 30
    set FSO = createobject("scripting.filesystemobject")
    set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
    log_users.close
    set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
    usuarios = ""

    Set objList = CreateObject("Scripting.Dictionary")
    objList.CompareMode = vbTextCompare

     

    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If


    Set objRootDSE = GetObject("LDAP://RootDSE")
    strConfig = objRootDSE.Get("configurationNamingContext")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")


    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    strBase = "<LDAP://" & strConfig & ">"
    strFilter = "(objectClass=nTDSDSA)"
    strAttributes = "AdsPath"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 60
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute


    k = 0
    Do Until adoRecordset.EOF
        Set objDC = _
            GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
        ReDim Preserve arrstrDCs(k)
        arrstrDCs(k) = objDC.DNSHostName
        k = k + 1
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Retrieve lastLogon attribute for each user on each Domain Controller.
    For k = 0 To Ubound(arrstrDCs)
        strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
        strFilter = "(&(objectCategory=person)(objectClass=user))"
        strAttributes = "sAMAccountName,lastLogon, AdsPath"
        strQuery = strBase & ";" & strFilter & ";" & strAttributes _
            & ";subtree"
        adoCommand.CommandText = strQuery
        On Error Resume Next
        Set adoRecordset = adoCommand.Execute
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
        Else
            On Error GoTo 0
            Do Until adoRecordset.EOF
                strDN = adoRecordset.Fields("sAMAccountName").Value
                strADS = adoRecordset.Fields("AdsPAth").Value
                On Error Resume Next
                Set objDate = adoRecordset.Fields("lastLogon").Value
                If (Err.Number <> 0) Then
                    On Error GoTo 0
                    dtmDate = #1/1/1601#
                Else
                    On Error GoTo 0
                    lngHigh = objDate.HighPart
                    lngLow = objDate.LowPart
                    If (lngLow < 0) Then
                        lngHigh = lngHigh + 1
                    End If
                    If (lngHigh = 0) And (lngLow = 0 ) Then
                        dtmDate = #1/1/1601#
                    Else
                        dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                            + lngLow)/600000000 - lngBias)/1440
                    End If
                End If
                If (objList.Exists(strDN) = True) Then
                    If (dtmDate > objList(strDN)) Then
                        objList.Item(strDN) = dtmDate
                    End If
                Else
                 if dtmDate < dexclusao then
                   if instr(strADS, "nome da OU") = false then
                    log_users.writeline strADS
                    usuarios = usuarios & strDN & " "
                   end if
                 end if
                End If
                adoRecordset.MoveNext
            Loop
            adoRecordset.Close
        End If
    Next


    adoConnection.Close
    log_users.close
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing
    Set adoRecordset = Nothing
    Set objDC = Nothing
    Set objDate = Nothing
    Set objList = Nothing
    Set objShell = Nothing

    resposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
    if resposta = vbYes then
    set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
    Do Until objFile.AtEndOfStream
     oUser = objFile.ReadLine
     usuarios = split(oUser, ",")
    For i = 1 to Ubound(usuarios)
     UserDN = UserDN & usuarios(i) & ","
    Next
    tamanho = len(UserDN)
    UserDN = left(UserDN, tamanho - 1 )
    Set objUser = getobject("LDAP://" & UserDN)
    objUser.MoveHere _
        "LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullString

    Loop

    end if

    log_users.close
    quinta-feira, 6 de março de 2008 21:24

Todas as Respostas

  • Fabiano testa esse script aqui, não cheguei a testa-lo, qualquer erro me informe Wink

    PS; recomendo você testar em uma VM antes de botar em produção  e modifique o que está em negrito Wink

     

    Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
    Dim adoRecordset, objDC
    Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
    Dim strDN, dtmDate, objDate, objList, strUser
    Dim strBase, strFilter, strAttributes, lngHigh, lngLow

    datual = now()
    dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
    dexclusao = Cdate(dexclusao) - 30
    set FSO = createobject("scripting.filesystemobject")
    set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
    log_users.close
    set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
    usuarios = ""

    Set objList = CreateObject("Scripting.Dictionary")
    objList.CompareMode = vbTextCompare

     

    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If


    Set objRootDSE = GetObject("LDAP://RootDSE")
    strConfig = objRootDSE.Get("configurationNamingContext")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")


    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    strBase = "<LDAP://" & strConfig & ">"
    strFilter = "(objectClass=nTDSDSA)"
    strAttributes = "AdsPath"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 60
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute


    k = 0
    Do Until adoRecordset.EOF
        Set objDC = _
            GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
        ReDim Preserve arrstrDCs(k)
        arrstrDCs(k) = objDC.DNSHostName
        k = k + 1
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Retrieve lastLogon attribute for each user on each Domain Controller.
    For k = 0 To Ubound(arrstrDCs)
        strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
        strFilter = "(&(objectCategory=person)(objectClass=user))"
        strAttributes = "sAMAccountName,lastLogon, AdsPath"
        strQuery = strBase & ";" & strFilter & ";" & strAttributes _
            & ";subtree"
        adoCommand.CommandText = strQuery
        On Error Resume Next
        Set adoRecordset = adoCommand.Execute
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
        Else
            On Error GoTo 0
            Do Until adoRecordset.EOF
                strDN = adoRecordset.Fields("sAMAccountName").Value
                strADS = adoRecordset.Fields("AdsPAth").Value
                On Error Resume Next
                Set objDate = adoRecordset.Fields("lastLogon").Value
                If (Err.Number <> 0) Then
                    On Error GoTo 0
                    dtmDate = #1/1/1601#
                Else
                    On Error GoTo 0
                    lngHigh = objDate.HighPart
                    lngLow = objDate.LowPart
                    If (lngLow < 0) Then
                        lngHigh = lngHigh + 1
                    End If
                    If (lngHigh = 0) And (lngLow = 0 ) Then
                        dtmDate = #1/1/1601#
                    Else
                        dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                            + lngLow)/600000000 - lngBias)/1440
                    End If
                End If
                If (objList.Exists(strDN) = True) Then
                    If (dtmDate > objList(strDN)) Then
                        objList.Item(strDN) = dtmDate
                    End If
                Else
                 if dtmDate < dexclusao then
                   if instr(strADS, "nome da OU") = false then
                    log_users.writeline strADS
                    usuarios = usuarios & strDN & " "
                   end if
                 end if
                End If
                adoRecordset.MoveNext
            Loop
            adoRecordset.Close
        End If
    Next


    adoConnection.Close
    log_users.close
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing
    Set adoRecordset = Nothing
    Set objDC = Nothing
    Set objDate = Nothing
    Set objList = Nothing
    Set objShell = Nothing

    resposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
    if resposta = vbYes then
    set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
    Do Until objFile.AtEndOfStream
     oUser = objFile.ReadLine
     usuarios = split(oUser, ",")
    For i = 1 to Ubound(usuarios)
     UserDN = UserDN & usuarios(i) & ","
    Next
    tamanho = len(UserDN)
    UserDN = left(UserDN, tamanho - 1 )
    Set objUser = getobject("LDAP://" & UserDN)
    objUser.MoveHere _
        "LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullString

    Loop

    end if

    log_users.close
    quinta-feira, 6 de março de 2008 21:24
  • da o seguinte erro:

    Line: 1
    Char: 1
    Error: Invalid Character
    Code: 800a0408
    Source: Microsoft VBScript Compilation error
    segunda-feira, 10 de março de 2008 13:12
  • fabiano, você colocou esse script aqui:

    '-----------------------------------------------------

    Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
    Dim adoRecordset, objDC
    Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
    Dim strDN, dtmDate, objDate, objList, strUser
    Dim strBase, strFilter, strAttributes, lngHigh, lngLow

    datual = now()
    dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
    dexclusao = Cdate(dexclusao) - 30
    set FSO = createobject("scripting.filesystemobject")
    set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
    log_users.close
    set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
    usuarios = ""

    Set objList = CreateObject("Scripting.Dictionary")
    objList.CompareMode = vbTextCompare

     

    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If


    Set objRootDSE = GetObject("LDAP://RootDSE")
    strConfig = objRootDSE.Get("configurationNamingContext")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")


    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    strBase = "<LDAP://" & strConfig & ">"
    strFilter = "(objectClass=nTDSDSA)"
    strAttributes = "AdsPath"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 60
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute


    k = 0
    Do Until adoRecordset.EOF
        Set objDC = _
            GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
        ReDim Preserve arrstrDCs(k)
        arrstrDCs(k) = objDC.DNSHostName
        k = k + 1
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Retrieve lastLogon attribute for each user on each Domain Controller.
    For k = 0 To Ubound(arrstrDCs)
        strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
        strFilter = "(&(objectCategory=person)(objectClass=user))"
        strAttributes = "sAMAccountName,lastLogon, AdsPath"
        strQuery = strBase & ";" & strFilter & ";" & strAttributes _
            & ";subtree"
        adoCommand.CommandText = strQuery
        On Error Resume Next
        Set adoRecordset = adoCommand.Execute
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
        Else
            On Error GoTo 0
            Do Until adoRecordset.EOF
                strDN = adoRecordset.Fields("sAMAccountName").Value
                strADS = adoRecordset.Fields("AdsPAth").Value
                On Error Resume Next
                Set objDate = adoRecordset.Fields("lastLogon").Value
                If (Err.Number <> 0) Then
                    On Error GoTo 0
                    dtmDate = #1/1/1601#
                Else
                    On Error GoTo 0
                    lngHigh = objDate.HighPart
                    lngLow = objDate.LowPart
                    If (lngLow < 0) Then
                        lngHigh = lngHigh + 1
                    End If
                    If (lngHigh = 0) And (lngLow = 0 ) Then
                        dtmDate = #1/1/1601#
                    Else
                        dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                            + lngLow)/600000000 - lngBias)/1440
                    End If
                End If
                If (objList.Exists(strDN) = True) Then
                    If (dtmDate > objList(strDN)) Then
                        objList.Item(strDN) = dtmDate
                    End If
                Else
                 if dtmDate < dexclusao then
                   if instr(strADS, "nome da OU") = false then
                    log_users.writeline strADS
                    usuarios = usuarios & strDN & " "
                   end if
                 end if
                End If
                adoRecordset.MoveNext
            Loop
            adoRecordset.Close
        End If
    Next


    adoConnection.Close
    log_users.close
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing
    Set adoRecordset = Nothing
    Set objDC = Nothing
    Set objDate = Nothing
    Set objList = Nothing
    Set objShell = Nothing

    resposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
    if resposta = vbYes then
    set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
    Do Until objFile.AtEndOfStream
     oUser = objFile.ReadLine
     usuarios = split(oUser, ",")
    For i = 1 to Ubound(usuarios)
     UserDN = UserDN & usuarios(i) & ","
    Next
    tamanho = len(UserDN)
    UserDN = left(UserDN, tamanho - 1 )
    Set objUser = getobject("LDAP://" & UserDN)
    objUser.MoveHere _
        "LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullString

    Loop

    end if

    log_users.clos

    1------------------------------------------------------

     

    Pois dar erro de caracter inválido na primeira linha é estranho.

    segunda-feira, 10 de março de 2008 13:35