RE: How to generate a report of inactive domain user accounts

• Previous message: Chapman, Justin T: "RE: How to generate a report of inactive domain user accounts"
• In reply to: Benjamin D. Goldman: "RE: How to generate a report of inactive domain user accounts"
• Next in thread: Tony Gordon: "Re: How to generate a report of inactive domain user accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Tiago Halm" <thalm@netcabo.pt>
To: "'Benjamin D. Goldman'" <bgoldman@kipany.com>, "'Amarante, Rodrigo P.'" <RPAmarante@directvla.com>, "'Brian E'" <brian_anon@hotmail.com>, <focus-ms@securityfocus.com>
Date: Sat, 12 Apr 2003 00:11:51 +0100

Some time ago, I wrote a vbs script that did exactly that.
It generates a tab-separated values file format which you can then bcp in
into your sql server or parse it any way you want.
It outputs AdsClass (computer or user), sAMAccountName (Account Name), cn
(Common Name) and Date of last login.
The date of last login is the most recent one found in all domain
controllers provided to the script.

Here goes,

------------------ start -----------------------
Option Explicit

Sub RecurseLDAP(ByVal p_sAdsPath, ByVal p_sDCName)
        Dim oOBJ, oSHM, oCHD, oValue

        Set oOBJ = GetObject(p_sAdsPath)
        Set oSHM = GetObject(oOBJ.Schema)
        Call oOBJ.GetInfo

        On Error Resume Next
        oValue = oOBJ.LastLogin
        If Err.Number = 0 Then
                Dim dCurrDate, dOldDate
                dCurrDate = DateValue(oValue)
                dCurrDate = CDate(Year(dCurrDate) & "-" & Month(dCurrDate) &
"-" & Day(dCurrDate) & " " & TimeValue(oValue))
                If oDict.Exists(oOBJ.sAMAccountName) Then
                        dOldDate = oDict.Item(oOBJ.sAMAccountName)(2)
                        If DateDiff("s", dCurrDate, dtNow) < DateDiff("s",
dOldDate, dtNow) Then
                                oDict.Item(oOBJ.sAMAccountName) =
Array(oOBJ.Class, oOBJ.cn, dCurrDate)
                        End If
                Else
                        Call oDict.Add(oOBJ.sAMAccountName,
Array(oOBJ.Class, oOBJ.cn, dCurrDate))
                End If
        Else
                Call Err.Clear
        End If
        On Error Goto 0

        If oSHM.Container Then
                For Each oCHD In oOBJ
                        Call RecurseLDAP(oCHD.AdsPath, p_sDCName)
                Next
        End If
End Sub

Sub FormatDict(ByVal p_sFile)
        Dim oFSO, oTS, dDate
        Dim arrKeys, nIndex, sYear

        Set oFSO = CreateObject("Scripting.FileSystemObject")
        Set oTS = oFSO.CreateTextFile(p_sFile, True, True)

        Call oTS.WriteLine("Class" & vbTab & "Acount" & vbTab & "cn" & vbTab
& "Date/Time")
        arrKeys = oDict.Keys
        For nIndex = 0 To oDict.Count - 1
                dDate = DateValue(oDict.Item(arrKeys(nIndex))(2))
                sYear = Year(dDate)
                If CLng(sYear) < 1970 Then sYear = "1970"
                Call oTS.WriteLine(oDict.Item(arrKeys(nIndex))(0) & vbTab &
arrKeys(nIndex) & vbTab & oDict.Item(arrKeys(nIndex))(1) & vbTab & sYear &
"-" & Month(dDate) & "-" & Day(dDate) & " " &
TimeValue(oDict.Item(arrKeys(nIndex))(2)))
        Next

        Call oTS.Close
End Sub

If WScript.Arguments.Count < 3 Then
        WScript.Echo "Usage: ChechLogin.vbs <file> <site> <dc1> [<dcn>]"
        WScript.Echo
        WScript.Echo "<file>" & vbTab & "output filename"
        WScript.Echo "<site>" & vbTab & "AD site name (ex:
dc=MySite,dc=MyCompany,dc=com)"
        WScript.Echo "<dc1>" & vbTab & "domain controller name"
        WScript.Echo "<dcn>" & vbTab & "other domain controllers name"
        WScript.Echo
        WScript.Echo "Examples"
        WScript.Echo "--------"
        WScript.Echo "CheckLogin.vbs c:\myfile.txt
dc=MySite,dc=MyCompany,dc=com MyDC1"
        WScript.Echo "CheckLogin.vbs c:\myfile.txt
dc=MySite,dc=MyCompany,dc=com MyDC1 MyDC2 MyDC3"
        WScript.Quit
End If

Dim dtNow, oDict, sFile, sSite, nDCIndex, sDCName

dtNow = Now
Set oDict = CreateObject("Scripting.Dictionary")
sFile = WScript.Arguments(0)
sSite = WScript.Arguments(1)

For nDCIndex = 2 To WScript.Arguments.Count - 1
        sDCName = WScript.Arguments(nDCIndex)
        Call RecurseLDAP("LDAP://" & sDCName & "/" & sSite, sDCName)
Next
Call FormatDict(sFile)
------------------ end -----------------------

Hope it helps,
Tiago Halm

----------------------------------------------------------------------
Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of
technology including filtering embedded and attached file content. Rid your
enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2
Download your free fully functional trial, complete with 30-days of free
technical support.
----------------------------------------------------------------------

• Previous message: Chapman, Justin T: "RE: How to generate a report of inactive domain user accounts"
• In reply to: Benjamin D. Goldman: "RE: How to generate a report of inactive domain user accounts"
• Next in thread: Tony Gordon: "Re: How to generate a report of inactive domain user accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]