RE: Expire accounts from Active Directory after a period of inactivity

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 03/25/03

  • Next message: Enis Arif: "RE: USB Tokens" 
    From: "Laura A. Robinson" <larobins@bellatlantic.net>
To: "'Amos, Mark (Toledo IS)'" <Mark.Amos@owenscorning.com>
Date: Tue, 25 Mar 2003 16:34:47 -0500

    Sure thing!

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/u
    ser_object_properties.asp
    or
    http://tinyurl.com/85a7

    Windows Server 2003, when domain and forest functional levels are at Windows
    Server 2003 FL, a new attribute, last-logon-timestamp, becomes available:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad
    /win2k3only_a_lastlogontimestamp.asp
    or
    http://tinyurl.com/85ad

    Since you're probably not the only one to have this question (is there
    documentation of what I said below), I'll snip your e-mail to me and cc the
    list on this, cool?

    Laura

    My original statements:

    One thing to be conscious of- in Windows 2000, last logon time/date is not
    replicated through AD. It is stored locally on the authenticating DC.
    Therefore, you could not simply query AD for this information- you would
    have to query each DC. In Windows Server 2003, once you've raised your
    domains and forest functional levels to Windows Server 2003 (no downlevel
    DCs), the ability to retrieve logon time/date from AD exists and the
    information replicates. In fact, there is a pre-definied query in ADU&C in
    Windows Server 2003 for just this purpose.

    Laura

    ----------------------------------------------------------------------
    Get serious about enterprise anti-spam management.
    SurfControl E-mail Filter for SMTP & Exchange
    leverages multiple layers of technology to defeat
    spam with accuracy. Download a free 30-day trial:
    http://www.surfcontrol.com/go/zsfmsl1

  • Next message: Enis Arif: "RE: USB Tokens"

    Relevant Pages

    • I receive odd queries from unknown remote systems.
      ... It was recently revealed to me that strangelooking queries like these are known to be generated in a Windows server Active Directory environment, with which I am completely unfamiliar and therefore seek your opinion. ...
      (microsoft.public.windows.server.dns)
    • Re: ASP.NET pages occasionally time out
      ... All ASP.NET applications run under the ... Windows Server 2003. ... You'll need to spin up a new thread to handle the query. ... | optional paging, or download as XLS. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Heres a Hard one!!!
      ... Server: Windows Server 2003 ... Active Directory and DNS look fine. ... nslookup returns the correct info. Netdiag looks good. ... The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.com ...
      (microsoft.public.windowsxp.setup_deployment)
    • Re: User Account Security Tab HELP
      ... Joe Richards Microsoft MVP Windows Server Directory Services ... Mark H wrote: ... though there was an error message about referrals so I have posted a query on the joeware site. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Unauthenticated DNS clients
      ... they can query (IOW unless you have restricted with such ... as firewall, IPsec, etc. they can query) ... use dynamic updates if the updates are not secured, ... Microsoft MVP (Windows Server System: ...
      (microsoft.public.windows.server.dns)