Usuário com melhor resposta
Verificar logon com mais de 60 dias e move-lo para uma ou especifica

Pergunta
-
Pessoal,
Gostaria que vocês postassem um script que pudesse fazer a listagem de usuários com mais de 30 dias (podendo ser configurado 60 dias ou mais) de inatividade, ou seja, esses logins não são usados a mais de 30 dias, então nesse mesmo script ele me mostraria os usuários e perguntaria se eu queria mover os usuários pra uma OU especifica.
Grato pela atenção.
Abaixo segue um script, mais ta dando erro:
Erro
Linha 87
Char: 2
Error: A referral was returned from the server
Code: 8007202b
Segue script.
'set up some varaibles
bDisable = 0 'do you want to disable and move the accounts?
strFileName = "c:\inactive\users.txt" 'the file where the tab delimited results are saved
strUserDN = "fisdest1.fisepe.pe.gov.br/OU=Ati, dc=fisepe, dc=pe, dc=gov, dc=br" 'initial OU where the users are located
strNewParentDN = "OU=Inactive Users, dc=fisepe, dc=pe, dc=gov, dc=pe, dc=br" 'location where disabled users are moved to
strDomain = "fisdest1.fisepe.pe.gov.br" 'FQDN
iDayThreshold = 180 'number of days without logging in
strOut = "" 'tmp string
strOut2 = "" 'another tmp string
Main()
Sub Main()
'get the initial data then ask some questions
EnumOUs("LDAP://" & strUserDN)
'yes=6, no=7, cancel=2
answer = MsgBox(strOut & vbCrLf & "Disable and move these users?", vbYesNoCancel)
If answer=2 Then
Exit Sub
ElseIf answer=6 Then
bDisable = 1
EnumOUs("LDAP://" & strUserDN)
End If
answer = MsgBox("Save the data to " & strFileName & "?", vbYesNoCancel)
If answer = 6 Then
strOut = "username" & vbTab & "Name" & vbTab & "Last Logon" & vbTab & "Days" & vbCrLf & strOut
strOut2 = "These users have never logged in:" & vbCRLF _
& "username" & vbTab & "Name" & vbTab & "Creation Date" & vbCRLF & strOut2
strOut = strOut & vbCRLF & vbCRLF & strOut2
SaveToFile strOut
End If
End Sub
Function EnumOUs(sADsPath)
'recursively finds all of the OU's and users in the given AD path
Set oContainer = GetObject(sADsPath)
oContainer.Filter = Array("OrganizationalUnit")
For Each oOU in oContainer
EnumUsers(oOU.ADsPath)
EnumOUs(oOU.ADsPath)
Next
End Function
Function EnumUsers(sADsPath)
'finds all of the users' last login time
Set oContainer = GetObject(sADsPath)
oContainer.Filter = Array("User")
For Each oADobject in oContainer
Set objLogon = oADobject.Get("lastLogon")
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
intLogonTime = intLogonTime + #1/1/1601#
inactiveDays = Fix(Now() - intLogonTime)
'adds a list of people who have never logged on.
If intLogonTime = "1/1/1601" Then strOut2 = strOut2 & oADobject.sAMAccountName & vbTab & oADobject.DisplayName & vbTab & oADobject.whencreated & vbCRLF
'if they are beyond the threshhold, it will add them to the output string
If inactiveDays > iDayThreshold And intLogonTime <> "1/1/1601" Then
strOut = strOut & oADobject.sAMAccountName _
& vbTab & oADobject.displayName _
& vbTab & intNewTime _
& vbTab & intLogonTime _
& vbTab & intMaxTime _
& vbTab & inactiveDays & vbCRLF
'if disabling was requested, it will move them to a new folder and disable the account
If bDisable = 1 Then
If strNewParentDN <> "" Then MoveUser oADobject.Name, oADobject.ADsPath
Set objUser = GetObject("WinNT://" & strDomain & "/" & oADobject.sAMAccountName)
objUser.AccountDisabled = True
objUser.SetInfo
End If
End If
Next
End Function
Sub MoveUser(sName, sPath)
'moves the user from the given OU to a new OU
Set objUser = GetObject("LDAP://" & strNewParentDN)
objUser.MoveHere sPath, sName
End Sub
Sub SaveToFile(strData)
'writes the given data to a text file
Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(strFileName) Then
Set objTextStream = objFSO.OpenTextFile(strFileName, 2)
objTextStream.Write strData
objTextStream.Close
Set objTextStream = Nothing
Else
Set objTextStream = objFSO.CreateTextFile(strFileName, True)
objTextStream.Write strData
objTextStream.Close
Set objTextStream = Nothing
End If
End Sub
Respostas
-
Fabiano testa esse script aqui, não cheguei a testa-lo, qualquer erro me informe
PS; recomendo você testar em uma VM antes de botar em produção e modifique o que está em negrito
Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
Dim adoRecordset, objDC
Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
Dim strDN, dtmDate, objDate, objList, strUser
Dim strBase, strFilter, strAttributes, lngHigh, lngLowdatual = now()
dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
dexclusao = Cdate(dexclusao) - 30
set FSO = createobject("scripting.filesystemobject")
set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
log_users.close
set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
usuarios = ""Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompareSet objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnectionstrBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = FalseSet adoRecordset = adoCommand.Execute
k = 0
Do Until adoRecordset.EOF
Set objDC = _
GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
ReDim Preserve arrstrDCs(k)
arrstrDCs(k) = objDC.DNSHostName
k = k + 1
adoRecordset.MoveNext
Loop
adoRecordset.Close' Retrieve lastLogon attribute for each user on each Domain Controller.
For k = 0 To Ubound(arrstrDCs)
strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "sAMAccountName,lastLogon, AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
adoCommand.CommandText = strQuery
On Error Resume Next
Set adoRecordset = adoCommand.Execute
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("sAMAccountName").Value
strADS = adoRecordset.Fields("AdsPAth").Value
On Error Resume Next
Set objDate = adoRecordset.Fields("lastLogon").Value
If (Err.Number <> 0) Then
On Error GoTo 0
dtmDate = #1/1/1601#
Else
On Error GoTo 0
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0 ) Then
dtmDate = #1/1/1601#
Else
dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 - lngBias)/1440
End If
End If
If (objList.Exists(strDN) = True) Then
If (dtmDate > objList(strDN)) Then
objList.Item(strDN) = dtmDate
End If
Else
if dtmDate < dexclusao then
if instr(strADS, "nome da OU") = false then
log_users.writeline strADS
usuarios = usuarios & strDN & " "
end if
end if
End If
adoRecordset.MoveNext
Loop
adoRecordset.Close
End If
Next
adoConnection.Close
log_users.close
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Set adoRecordset = Nothing
Set objDC = Nothing
Set objDate = Nothing
Set objList = Nothing
Set objShell = Nothingresposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
if resposta = vbYes then
set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
Do Until objFile.AtEndOfStream
oUser = objFile.ReadLine
usuarios = split(oUser, ",")
For i = 1 to Ubound(usuarios)
UserDN = UserDN & usuarios(i) & ","
Next
tamanho = len(UserDN)
UserDN = left(UserDN, tamanho - 1 )
Set objUser = getobject("LDAP://" & UserDN)
objUser.MoveHere _
"LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullStringLoop
end if
log_users.close- Marcado como Resposta Fábio JrModerator quarta-feira, 8 de agosto de 2012 13:20
Todas as Respostas
-
Fabiano testa esse script aqui, não cheguei a testa-lo, qualquer erro me informe
PS; recomendo você testar em uma VM antes de botar em produção e modifique o que está em negrito
Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
Dim adoRecordset, objDC
Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
Dim strDN, dtmDate, objDate, objList, strUser
Dim strBase, strFilter, strAttributes, lngHigh, lngLowdatual = now()
dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
dexclusao = Cdate(dexclusao) - 30
set FSO = createobject("scripting.filesystemobject")
set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
log_users.close
set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
usuarios = ""Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompareSet objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnectionstrBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = FalseSet adoRecordset = adoCommand.Execute
k = 0
Do Until adoRecordset.EOF
Set objDC = _
GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
ReDim Preserve arrstrDCs(k)
arrstrDCs(k) = objDC.DNSHostName
k = k + 1
adoRecordset.MoveNext
Loop
adoRecordset.Close' Retrieve lastLogon attribute for each user on each Domain Controller.
For k = 0 To Ubound(arrstrDCs)
strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "sAMAccountName,lastLogon, AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
adoCommand.CommandText = strQuery
On Error Resume Next
Set adoRecordset = adoCommand.Execute
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("sAMAccountName").Value
strADS = adoRecordset.Fields("AdsPAth").Value
On Error Resume Next
Set objDate = adoRecordset.Fields("lastLogon").Value
If (Err.Number <> 0) Then
On Error GoTo 0
dtmDate = #1/1/1601#
Else
On Error GoTo 0
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0 ) Then
dtmDate = #1/1/1601#
Else
dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 - lngBias)/1440
End If
End If
If (objList.Exists(strDN) = True) Then
If (dtmDate > objList(strDN)) Then
objList.Item(strDN) = dtmDate
End If
Else
if dtmDate < dexclusao then
if instr(strADS, "nome da OU") = false then
log_users.writeline strADS
usuarios = usuarios & strDN & " "
end if
end if
End If
adoRecordset.MoveNext
Loop
adoRecordset.Close
End If
Next
adoConnection.Close
log_users.close
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Set adoRecordset = Nothing
Set objDC = Nothing
Set objDate = Nothing
Set objList = Nothing
Set objShell = Nothingresposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
if resposta = vbYes then
set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
Do Until objFile.AtEndOfStream
oUser = objFile.ReadLine
usuarios = split(oUser, ",")
For i = 1 to Ubound(usuarios)
UserDN = UserDN & usuarios(i) & ","
Next
tamanho = len(UserDN)
UserDN = left(UserDN, tamanho - 1 )
Set objUser = getobject("LDAP://" & UserDN)
objUser.MoveHere _
"LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullStringLoop
end if
log_users.close- Marcado como Resposta Fábio JrModerator quarta-feira, 8 de agosto de 2012 13:20
-
-
fabiano, você colocou esse script aqui:
'-----------------------------------------------------
Dim objRootDSE, strConfig, adoConnection, adoCommand, strQuery
Dim adoRecordset, objDC
Dim strDNSDomain, objShell, lngBiasKey, lngBias, k, arrstrDCs()
Dim strDN, dtmDate, objDate, objList, strUser
Dim strBase, strFilter, strAttributes, lngHigh, lngLowdatual = now()
dexclusao = datepart("d", datual) & "/" & datepart("m", datual) & "/" & datepart("yyyy", datual)
dexclusao = Cdate(dexclusao) - 30
set FSO = createobject("scripting.filesystemobject")
set log_users = fso.createtextfile("C:\Users_Inativos.txt",2)
log_users.close
set log_users = fso.opentextfile("C:\Users_inativos.txt",8)
usuarios = ""Set objList = CreateObject("Scripting.Dictionary")
objList.CompareMode = vbTextCompareSet objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnectionstrBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = FalseSet adoRecordset = adoCommand.Execute
k = 0
Do Until adoRecordset.EOF
Set objDC = _
GetObject(GetObject(adoRecordset.Fields("AdsPath").Value).Parent)
ReDim Preserve arrstrDCs(k)
arrstrDCs(k) = objDC.DNSHostName
k = k + 1
adoRecordset.MoveNext
Loop
adoRecordset.Close' Retrieve lastLogon attribute for each user on each Domain Controller.
For k = 0 To Ubound(arrstrDCs)
strBase = "<LDAP://" & arrstrDCs(k) & "/" & strDNSDomain & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "sAMAccountName,lastLogon, AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes _
& ";subtree"
adoCommand.CommandText = strQuery
On Error Resume Next
Set adoRecordset = adoCommand.Execute
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "Domain Controller not available: " & arrstrDCs(k)
Else
On Error GoTo 0
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("sAMAccountName").Value
strADS = adoRecordset.Fields("AdsPAth").Value
On Error Resume Next
Set objDate = adoRecordset.Fields("lastLogon").Value
If (Err.Number <> 0) Then
On Error GoTo 0
dtmDate = #1/1/1601#
Else
On Error GoTo 0
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0 ) Then
dtmDate = #1/1/1601#
Else
dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 - lngBias)/1440
End If
End If
If (objList.Exists(strDN) = True) Then
If (dtmDate > objList(strDN)) Then
objList.Item(strDN) = dtmDate
End If
Else
if dtmDate < dexclusao then
if instr(strADS, "nome da OU") = false then
log_users.writeline strADS
usuarios = usuarios & strDN & " "
end if
end if
End If
adoRecordset.MoveNext
Loop
adoRecordset.Close
End If
Next
adoConnection.Close
log_users.close
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Set adoRecordset = Nothing
Set objDC = Nothing
Set objDate = Nothing
Set objList = Nothing
Set objShell = Nothingresposta = MsgBox(usuarios & vbCrLf & "Gostaria de mover esses usuários para uma nova OU?", vbYesNo)
if resposta = vbYes then
set log_users = fso.opentextfile("C:\Users_Inativos.txt",1)
Do Until objFile.AtEndOfStream
oUser = objFile.ReadLine
usuarios = split(oUser, ",")
For i = 1 to Ubound(usuarios)
UserDN = UserDN & usuarios(i) & ","
Next
tamanho = len(UserDN)
UserDN = left(UserDN, tamanho - 1 )
Set objUser = getobject("LDAP://" & UserDN)
objUser.MoveHere _
"LDAP://" & usuarios(0) & ",OU=nome da OU,dc= nome do seu dc, dc=seu dominio,dc=com,dc=br", vbNullStringLoop
end if
log_users.clos
1------------------------------------------------------
Pois dar erro de caracter inválido na primeira linha é estranho.