Web Images Videos Maps News Shopping Google Mail more »
Recently Visited Groups | Help | Sign in
Google Groups Home
microsoft.public.scripting.vbscript
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion W2003 domain computer account script
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Follow-up To:
Add Cc | Add Follow-up to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers that you hear
 
Richard Mueller [MVP]  
View profile   Translate to Translated (View Original)
 More options 15 Dec 2003, 19:06
Newsgroups: microsoft.public.scripting.vbscript
From: "Richard Mueller [MVP]" <rlmueller-nos...@ameritech.net>
Date: Mon, 15 Dec 2003 13:02:59 -0600
Local: Mon 15 Dec 2003 19:02
Subject: Re: W2003 domain computer account script
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author

Robert wrote:
> Does anyone out there have a script that I can run on the
> domain that will tell me when the last time a computer
> account has been accessed.I need to determine whether or
> not I can delete old workstation accounts without having
> to go a touch each one manually

Hi,

I have a sample VBScript program that retrieves the lastLogon date for all
users in the domain linked on the page below. It can be easily modified to
report on all computer objects instead:

http://www.rlmueller.net/Last%20Logon.htm

To modify for computers instead of users, change this line:

  strFilter = "(&(objectCategory=person)(objectClass=user))"

which is in the loop that queries each Domain Controller, to this:

  strFilter = "(objectCategory=computer)"

The program should be run at a command prompt using the cscript host. The
output can be redirected to a text file, which can be imported into a
spreadsheet for analysis.

While this program will give you what you requested, it can take awhile to
run. Because the "lastLogon" attribute is not replicated, a different value
is stored on each Domain Controller (DC) for each user or computer. The
program must seach every DC in the domain for the latest value for each user
or computer. A more efficient method for finding old computer accounts is to
retrieve the date the password was last set. By default, the system resets
computer account passwords every 30 days. While you can't tell exactly when
the machine was last connected to the network, you can narrow it down to a
30 day window. This method is faster because the "pwdLastSet" attribute is
replicated, so the program must only query one DC. I have a sample program,
again for user objects, linked on this page:

http://www.rlmueller.net/PwdLastChanged.htm

The same modification must be made to this program to report on computers
instead of users, but the change is documented in the code. This program
should also be run at a command prompt with cscript, but this time the
output file name is passed to the program as a parameter. In a large
network, this program should be much faster.

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message, you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google