W2003 domain computer account script

Robert

Dec 15, 2003, 9:50:07 AM
Does anyone out there have a script that I can run on the
domain that will tell me the last time a computer
account has been accessed? I need to determine whether or
not I can delete old workstation accounts without having
to go and touch each one manually.

Richard Mueller [MVP]

Dec 15, 2003, 2:02:59 PM
Robert wrote:

Hi,

I have a sample VBScript program that retrieves the lastLogon date for all
users in the domain linked on the page below. It can be easily modified to
report on all computer objects instead:

http://www.rlmueller.net/Last%20Logon.htm

To modify for computers instead of users, change this line:

strFilter = "(&(objectCategory=person)(objectClass=user))"

which is in the loop that queries each Domain Controller, to this:

strFilter = "(objectCategory=computer)"

The program should be run at a command prompt using the cscript host. The
output can be redirected to a text file, which can be imported into a
spreadsheet for analysis.

While this program will give you what you requested, it can take a while to
run. Because the "lastLogon" attribute is not replicated, a different value
is stored on each Domain Controller (DC) for each user or computer. The
program must search every DC in the domain for the latest value for each user
or computer. A more efficient method for finding old computer accounts is to
retrieve the date the password was last set. By default, the system resets
computer account passwords every 30 days. While you can't tell exactly when
the machine was last connected to the network, you can narrow it down to a
30 day window. This method is faster because the "pwdLastSet" attribute is
replicated, so the program must only query one DC. I have a sample program,
again for user objects, linked on this page:

http://www.rlmueller.net/PwdLastChanged.htm

The same modification must be made to this program to report on computers
instead of users, but the change is documented in the code. This program
should also be run at a command prompt with cscript, but this time the
output file name is passed to the program as a parameter. In a large
network, this program should be much faster.

--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--
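
The two approaches described in the reply above, as an added PowerShell example (not part of the original post and not the VBScript from rlmueller.net): it takes the newest non-replicated lastLogon across DCs and flags computers by the age of the replicated pwdLastSet. The function names, the sample rows and the 90-day cutoff are assumptions made for illustration.

```powershell
# FILETIME = 100-ns ticks since 1601-01-01 UTC; 0 means the attribute was never set.
function ConvertFrom-AdFileTime([long]$Ticks) {
    if ($Ticks -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($Ticks)
}

function Get-StaleComputer {
    # 90 days is an assumed cutoff: three missed 30-day password resets.
    param([object[]]$Rows, [DateTime]$AsOf, [int]$MaxPasswordAgeDays = 90)
    $Rows | Group-Object Name | ForEach-Object {
        # lastLogon is not replicated: keep the newest value seen on any DC.
        $newest  = $_.Group | Sort-Object LastLogon -Descending | Select-Object -First 1
        # pwdLastSet is replicated: any single DC's copy is enough.
        $pwdDate = ConvertFrom-AdFileTime ($_.Group[0].PwdLastSet)
        $age     = if ($pwdDate) { ($AsOf - $pwdDate).Days } else { $null }
        [pscustomobject]@{
            Name          = $_.Name
            LastLogonUtc  = (ConvertFrom-AdFileTime ($newest.LastLogon))
            PwdLastSetUtc = $pwdDate
            PwdAgeDays    = $age
            Stale         = (-not $pwdDate) -or ($age -gt $MaxPasswordAgeDays)
        }
    }
}

# Constructed sample data: one row per (DC, computer), as each DC would report it.
# In a live domain these rows would come from querying every DC for lastLogon
# and one DC for pwdLastSet.
$ft = { param($d) ([DateTime]$d).ToFileTimeUtc() }
$rows = @(
    [pscustomobject]@{ DC='DC1'; Name='WS-ALPHA';   LastLogon=(& $ft '2003-12-10'); PwdLastSet=(& $ft '2003-11-28') }
    [pscustomobject]@{ DC='DC2'; Name='WS-ALPHA';   LastLogon=(& $ft '2003-11-02'); PwdLastSet=(& $ft '2003-11-28') }
    [pscustomobject]@{ DC='DC1'; Name='WS-BRAVO';   LastLogon=0L;                   PwdLastSet=(& $ft '2003-04-20') }
    [pscustomobject]@{ DC='DC2'; Name='WS-BRAVO';   LastLogon=(& $ft '2003-05-03'); PwdLastSet=(& $ft '2003-04-20') }
    [pscustomobject]@{ DC='DC1'; Name='WS-CHARLIE'; LastLogon=0L;                   PwdLastSet=0L }
)

Get-StaleComputer -Rows $rows -AsOf ([DateTime]'2003-12-15') | Format-Table -AutoSize
```

Because pwdLastSet only moves when the machine resets its password, treat the Stale flag as a candidate list to review, not as proof that the workstation is gone.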