I am trying to come up with a script that will display computers (not users)
that have not logged into my Active Directory for at least 30 days. Meaning
I want a way to display computers that have not been used for 30 days..

Thanks for any help!!

Here's a script that queries your local DC to get the computer.lastlogin
value.  This value is not replicated throughout the domain and to get the
true value you need to query each DC and compare the results.

This script is not very robust but should help you out.

Option Explicit
On Error Resume Next
'-----------------------------------------------------------
'
'         Title: compinfo.vbs
'   Description: Gets the last time a PC logged onto a domain
'
'         Usage: cscript compinfo.vbs
'          TODO: Change DEFAULTOU and LOGDEST
'         Notes: * Output is computer name and last login delimited
'                by semicolon
'                * LastLogin is not replicated throughout the ad
'                and script needs to be run on all DCs to determine
'                true last login value
'
'-----------------------------------------------------------

const ASASCII = 0
' default ou.  Edit to reflect your ad structure
const DEFAULTOU = "ou=computers,dc=your_namespace,dc=com"
const FORWRITE = 2
' destination of log file.  Edit to reflect your log folder
const LOGDEST = "c:\logs\"

dim oComputer, oDelFile, oFS, oLogFile, oMember, oOU
dim sDate, sLogFile, sMsg

' format log file name as Windows file names can not contain "/"s
sDate = CStr(date)
sDate = Replace(sDate, "/", "-")
sLogFile = LOGDEST & sDate & ".txt"
set oFS = CreateObject("Scripting.FileSystemObject")
' find and delete duplicate named file -- so it won't append new data to
existing file
if (oFS.FileExists(sLogFile)) Then
 Set oDelFile = oFS.GetFile(sLogFile)
 oDelFile.Delete
end if
' open log for output and write headers
set oLogFile = oFS.OpenTextFile(sLogFile, FORWRITE, True, ASASCII)
oLogFile.WriteLine "Computer Name; Last Login"
' get active directory ou
set oOU = GetObject("LDAP://" & DEFAULTOU)
' enumerate ou and get list of computers
For Each oComputer in oOU
 Set oMember = GetObject("LDAP://" & oComputer.Name & "," & DEFAULTOU)
 oLogFile.WriteLine mid(oComputer.Name, 4, len(computer.Name)) & "; " &
oMember.LastLogin
 set oMember = nothing
Next

' send message to screen stating that script has finished
WScript.Echo "All righty then.  I am finished  :)"

' release memory and close up shop
oLogFile.close
set oFS = nothing

Hope this helps
-josephc

Thank you very much!!!

Hi,

If you have many DC's, it is easier to check the last date the password was
reset for each computer account. By default, the system resets computer
passwords every 30 days, so if the password was last set 60 days ago, the
machine has been inactive for at least 30 days. The program linked below
dumps out all users and the last time each reset their password to a text
file, which can be imported to a spreadsheet for analysis. It can be easily
modified to document computers instead of users.

http://www.rlmueller.net/PwdLastChanged.htm

The program has comments to modify it for computers. The relevant portion of
the code is:

' Filter to retrieve all user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Filter to retrieve all computer objects.
' strFilter = "(objectCategory=computer)"

Comment out the filter for users and uncomment the filter for computers. I
also have a similar program to determine lastLogon, but in a large network
with slow links it can take a few hours to run.

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--

Richard that works awesome, but how can I get it to only dump if the pasword
has not been changed for 60 days as you describe, it is dumping all
computers..

Surely you could just pipe the output of richards script to a text file. and then paste that text file to excel and then sort by date. I haven't seen Richards run but I think I stole most of the code he uses and put it in this one that I use....

---------- begin script-------------
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
  & "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
  lngBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
  lngBias = 0
  For k = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(k) * 256^k)
  Next
End If

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, pwdLastSet, whenChanged from 'LDAP://DC=NNA,DC=IMRAC,DC=NET' " _
        & "where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Wscript.Echo "Computer Name" & vbtab & "PWD Last Set" & vbtab & "Last Seen"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    lngDate = objRecordSet.Fields("pwdLastSet")
      On Error Resume Next
      Err.Clear
    Set objDate = lngDate
   If Err.Number <> 0 Then
      Err.Clear
      On Error GoTo 0
      dtmDate = #1/1/1601#
   Else
     On Error GoTo 0
     dtmDate = Integer8Date(objDate, lngBias)
   End If
'Wscript.echo dtmDate
    Wscript.Echo objRecordSet.Fields("Name").Value & vbtab & dtmDate & vbtab & objRecordSet.Fields("whenChanged").Value
    objRecordSet.MoveNext
Loop

Function Integer8Date(objDate, lngBias)
' Function to convert Integer8 (64-bit) value to a date,
' adjusted for time zone bias.
Dim lngAdjust, lngDate
  lngAdjust = lngBias
  If (objDate.HighPart = 0) And (objDate.LowPart = 0) Then
    lngAdjust = 0
  End If
  lngDate = #1/1/1601# + (((objDate.HighPart * (2 ^ 32)) _
    + objDate.LowPart) / 600000000 - lngAdjust) / 1440
  Integer8Date = CDate(lngDate)
End Function
-------------- end script ----------------

if you run this code using cscript //nologo nameofscript.txt > output.txt

you can open output.txt and you have a tab delimited file that is perfect for pasting into excel. This isn't to say that I wouldn't love to see the code to filter out the things not older then 30 days, I just don't know how to do it myself, I've never had luck matching dates.

Actually having posted that I've now decided that I have the exact same question. Below is a snippet of code that I worked on last week when I was trying to do about the same thing. I decided that it would be best to filter out in the query the information I didn't want based on date. In this case the date is in Generalized time format but I had to set my query in UTC

-------- Begin Snippet---------------
CurrentUTC = DatePart("yyyy", Date)
'now add Month in mm if only M add leading 0
if DatePart("m" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("m" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("m" , Now)
end if
'now add Day in dd if only d add leading 0
if DatePart("d" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("d" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("d" , Now)
end if
'since i'm not worried about hour, minute, second and etc just tag the rest on
'if I was i would continue on like this.
CurrentUTC = CurrentUTC&"000001.0Z"
'now we have set UTC lets get the info

'myDelim = Chr(44) 'comma
myDelim = Vbtab 'tab
Const ADS_SCOPE_SUBTREE = 2
Const ForAppending = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

'LOOK HERE!!!!
'OK this is the important part

objCommand.CommandText = _
    "Select Name, mail, createTimeStamp, title, telephoneNumber, logonCount, whenCreated from 'LDAP://DC=nna,DC=imrac,DC=net' " & "where objectCategory='person' and Name<>'SystemMailbox*' and objectclass='user' and whenCreated = CurrentUTC"

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (".\usrqry.txt", ForAppending, True)
Set objRecordSet = objCommand.Execute
if header = 1 then
    objTextFile.WriteLine "Name" & myDelim & "email address" & myDelim & "Created" & myDelim & "Phone Number" & myDelim & "Exchange DB"
End if
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim & objRecordSet.Fields("mail").Value & myDelim & objRecordSet.Fields("createTimeStamp").Value & myDelim & objRecordSet.Fields("telephoneNumber").Value & myDelim & objRecordSet.Fields("homeMDB").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & objRecordSet.Fields("mail").Value & "," & objRecordSet.Fields("whenCreated").Value & "," & objRecordSet.Fields("telephoneNumber").Value
'    Else
'    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim & "!!!NO EMAIL HERE!!!" & myDelim & objRecordSet.Fields("createTimeStamp").Value & myDelim & objRecordSet.Fields("telephoneNumber").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & "!!!NO EMAIL HERE!!!" & "," & objRecordSet.Fields("whenCreated").Value & "," & objRecordSet.Fields("telephoneNumber").Value
    end if
    objRecordSet.MoveNext
Loop
End Sub
------------- end snippet -------------

Sorry hope that isn't to much to process, I could have cut alot of it out becuase there are only a few things that are pertinent. My question is that when I do my select and try to make it query based on CurrentUTC (the variable I defined earlier) I get an error. If I explicitly write out the UTCdate in the select statement it works. so what did I do wrong? or if it is easier what did I do right?

Hi,

I think the easiest solution is to use the DateDiff function in the final
loop in the program. For example, here is the final loop revised to only
output if PwdLastSet is over 60 days in the past:

Do Until objRecordSet.EOF
  strDN = objRecordSet.Fields("distinguishedName")
  lngFlag = objRecordSet.Fields("userAccountControl")
  blnPwdExpire = True
  If (lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
    blnPwdExpire = False
  End If
  If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
    blnPwdExpire = False
  End If
  lngDate = objRecordSet.Fields("pwdLastSet")
  Set objDate = lngDate
  dtmPwdLastSet = Integer8Date(objDate, lngBias)
  If DateDiff("d", dtmPwdLastSet, Now) > 60 Then
    objFile.WriteLine strDN & " ; " & blnPwdExpire & " ; " & dtmPwdLastSet
  End If
  objRecordSet.MoveNext
Loop

Note you can't filter in the ADO code because the attribute is Integer8. For
computer objects blnPwdExpire will always be true.

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--

Actually having posted that I've now decided that I have the exact same
question. Below is a snippet of code that I worked on last week when I was
trying to do about the same thing. I decided that it would be best to filter
out in the query the information I didn't want based on date. In this case
the date is in Generalized time format but I had to set my query in UTC

-------- Begin Snippet---------------
CurrentUTC = DatePart("yyyy", Date)
'now add Month in mm if only M add leading 0
if DatePart("m" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("m" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("m" , Now)
end if
'now add Day in dd if only d add leading 0
if DatePart("d" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("d" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("d" , Now)
end if
'since i'm not worried about hour, minute, second and etc just tag the rest
on
'if I was i would continue on like this.
CurrentUTC = CurrentUTC&"000001.0Z"
'now we have set UTC lets get the info

'myDelim = Chr(44) 'comma
myDelim = Vbtab 'tab
Const ADS_SCOPE_SUBTREE = 2
Const ForAppending = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

'LOOK HERE!!!!
'OK this is the important part

objCommand.CommandText = _
    "Select Name, mail, createTimeStamp, title, telephoneNumber, logonCount,
whenCreated from 'LDAP://DC=nna,DC=imrac,DC=net' " & "where
objectCategory='person' and Name<>'SystemMailbox*' and objectclass='user'
and whenCreated = CurrentUTC"

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (".\usrqry.txt", ForAppending, True)
Set objRecordSet = objCommand.Execute
if header = 1 then
    objTextFile.WriteLine "Name" & myDelim & "email address" & myDelim &
"Created" & myDelim & "Phone Number" & myDelim & "Exchange DB"
End if
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim &
objRecordSet.Fields("mail").Value & myDelim &
objRecordSet.Fields("createTimeStamp").Value & myDelim &
objRecordSet.Fields("telephoneNumber").Value & myDelim &
objRecordSet.Fields("homeMDB").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," &
objRecordSet.Fields("mail").Value & "," &
objRecordSet.Fields("whenCreated").Value & "," &
objRecordSet.Fields("telephoneNumber").Value
'    Else
'    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim &
"!!!NO EMAIL HERE!!!" & myDelim &
objRecordSet.Fields("createTimeStamp").Value & myDelim &
objRecordSet.Fields("telephoneNumber").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & "!!!NO EMAIL
HERE!!!" & "," & objRecordSet.Fields("whenCreated").Value & "," &
objRecordSet.Fields("telephoneNumber").Value
    end if
    objRecordSet.MoveNext
Loop
End Sub
------------- end snippet -------------

Sorry hope that isn't to much to process, I could have cut alot of it out
becuase there are only a few things that are pertinent. My question is that
when I do my select and try to make it query based on CurrentUTC (the
variable I defined earlier) I get an error. If I explicitly write out the
UTCdate in the select statement it works. so what did I do wrong? or if it
is easier what did I do right?

Could I filter in the ADO code based on the whenCreated field?, Maybe I should start a new thread as it seems I have a totally different question but it seemed in context when I asked it.

That worked out beutifully Richard thank you!!

Could I filter in the ADO code based on the whenCreated field?, Maybe I
should start a new thread as it seems I have a totally different question
but it seemed in context when I asked it.