Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Find/locate AD Objects based on their "created/modified dates"

1,511 views
Skip to first unread message

Joe Richards [MVP]

unread,
Jul 1, 2004, 4:07:27 PM7/1/04
to
You would need to create a custom advanced filter that filtered on the value of
whenCreated and whenChanged. Look at the format of those attributes and you
should be able to work it out. If you still have an issue, come back and post
what you did and what you got and I will help further.

You may also consider using command line LDAP tools, aduc really isn't that
great for doing things like this. Check out adfind on the free win32 c++ tools
of www.joeware.net.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

ibnu wrote:
> Using Windows 2000's "Active Directories Users and Computers", how could I find or locate Objects (Users or Computers) based on the date that they were created or modified?
> For example, I want to locate all Computers that were created on May 30, 2004 and all Users that were modified on June 1, 2004.

Jerold Schulman

unread,
Jul 1, 2004, 4:29:11 PM7/1/04
to
On Thu, 1 Jul 2004 10:57:01 -0700, "ibnu" <ib...@discussions.microsoft.com>
wrote:

>Using Windows 2000's "Active Directories Users and Computers", how could I find or locate Objects (Users or Computers) based on the date that they were created or modified?
>For example, I want to locate all Computers that were created on May 30, 2004 and all Users that were modified on June 1, 2004.


Using the Active DIrectory command line tools, tip 6820 in the 'Tips & Tricks'
at http://www.jsiinc.com

See tip 7992.

See tip 8006 for an example.


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

ibnu

unread,
Jul 1, 2004, 6:34:01 PM7/1/04
to
Thank you very much for the information. It was very helpful.
I am installing Windows 2003 now, will try the solution, and I will keep you posted.

Thanks again.

ibnu

unread,
Jul 2, 2004, 8:10:01 PM7/2/04
to
Hi Jerold,

Again, thank you very much for the information.

Here are the modifications that I did, and since I am not familiar with scripting, I hope you are willing to point my mistakes.

First, I modified the script to list Users who were CREATED after a specified date:

@echo off
if {%1}=={} @echo Syntax: UserCreatedAfter YYYYMMDD&exit /b 1
setlocal
set after=%1
set query=dsquery * domainroot -filter "(&(objectClass=User))" -attr name whenCreated description -limit 0
for /f "Skip=1 Tokens=1-5* Delims=/ " %%c in ('%query%') do (
set name=%%c
set created=%%f%%d%%e
set description=%%h
call :checkdt
)
endlocal
exit /b 0
:checkdt
if "%created%" LEQ "%after%" goto :EOF
@echo %name% %created% %description%

When I ran the script, the list also showed Computers that were created after the specified date. Why is that? I thought I only need to change the objectClass=User

The list also showed Users in the following format:
FirstName 23LastName10 14:53:01 User's description.

FirstName 21LastName08 22:11:43 User's description.

FirstName 27LastName02 02:04:14 User's description.

FirstName 28LastName11 00:03:09 User's description.

FirstName 27LastName07 20:56:00 User's description.

When I used "Active Directory Users and Computers" to verify, I found out that the list showed Users who were MODIFIED after the specified date, regardless when the users were actually CREATED. Why is that?
Why is the LastName appears between the Day and Month?
The Time also does not match with the information in Object Tab of the User's Properties.

Secondly, I modified the script to list only Users who were MODIFIED after a specified date:

@echo off
if {%1}=={} @echo Syntax: UserModifiedAfter YYYYMMDD&exit /b 1
setlocal
set after=%1
set query=dsquery * domainroot -filter "(&(objectClass=User))" -attr name whenModified description -limit 0
for /f "Skip=1 Tokens=1-5* Delims=/ " %%c in ('%query%') do (
set name=%%c
set modified=%%f%%d%%e
set description=%%h
call :checkdt
)
endlocal
exit /b 0
:checkdt
if "%modified%" LEQ "%after%" goto :EOF
@echo %name% %modified% %description%

When I ran the script, the list also showed Computers that were created after the specified date. Why is that?

Along the list of Users who were MODIFIED after a specified date, the following lines appeared (I only include 2 of them here as samples):

'Mktg' is not recognized as an internal or external command, operable program or batch file.
'Comm.' is not recognized as an internal or external command, operable program or batch file.

I could not fine "Mktg" or "Comm" information in the "Active Directory Users and Computers". Where did those line come from?

Any tips that you can provide is greatly appreciated.

Ibnu.

Joe Richards [MVP]

unread,
Jul 2, 2004, 9:49:46 PM7/2/04
to
I am not a batch guy so trying to read that would take me all day but I can tell
you your search filter isn't very efficient unless you guys have tweaked the
Schema to index objectclass. You will want to change your filter to one of these
two things:

"(&(objectcategory=person)(objectclass=user))"

or

"(&(objectcategory=person)(samaccountname=*))"

Also note that the way whencreated and whenchanged work, you can actually
specify them in the search filter so you only return objects created/modified
after the specified date like so:

"(&(objectcategory=person)(objectclass=user)(whencreated>=20040501000000.0Z))"


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

Jerold Schulman

unread,
Jul 3, 2004, 6:09:02 AM7/3/04
to

You need (objectCategory=Person)(objectClass=User)
Use displayName or distinguishedName or sAMAccountName

On Fri, 2 Jul 2004 17:10:01 -0700, "ibnu" <ib...@discussions.microsoft.com>

ibnu

unread,
Jul 6, 2004, 1:30:02 PM7/6/04
to
Jerold,

Thank you very much for the information.....

ik

unread,
Jul 6, 2004, 1:30:02 PM7/6/04
to
Joe,

Thank you very much for the information..... It was helpful.

0 new messages