Computer Accounts not logged into AD for thirty days 
Author Message
 Computer Accounts not logged into AD for thirty days

I am trying to come up with a script that will display computers (not users)
that have not logged into my Active Directory for at least 30 days. Meaning
I want a way to display computers that have not been used for 30 days..

Thanks for any help!!



Mon, 07 Nov 2005 21:07:17 GMT  
 Computer Accounts not logged into AD for thirty days
Here's a script that queries your local DC to get the computer.lastlogin
value.  This value is not replicated throughout the domain and to get the
true value you need to query each DC and compare the results.

This script is not very robust but should help you out.

Option Explicit
On Error Resume Next
'-----------------------------------------------------------
'
'         Title: compinfo.vbs
'   Description: Gets the last time a PC logged onto a domain
'
'         Usage: cscript compinfo.vbs
'          TODO: Change DEFAULTOU and LOGDEST
'         Notes: * Output is computer name and last login delimited
'                by semicolon
'                * LastLogin is not replicated throughout the ad
'                and script needs to be run on all DCs to determine
'                true last login value
'
'-----------------------------------------------------------

const ASASCII = 0
' default ou.  Edit to reflect your ad structure
const DEFAULTOU = "ou=computers,dc=your_namespace,dc=com"
const FORWRITE = 2
' destination of log file.  Edit to reflect your log folder
const LOGDEST = "c:\logs\"

dim oComputer, oDelFile, oFS, oLogFile, oMember, oOU
dim sDate, sLogFile, sMsg

' format log file name as Windows file names can not contain "/"s
sDate = CStr(date)
sDate = Replace(sDate, "/", "-")
sLogFile = LOGDEST & sDate & ".txt"
set oFS = CreateObject("Scripting.FileSystemObject")
' find and delete duplicate named file -- so it won't append new data to
existing file
if (oFS.FileExists(sLogFile)) Then
 Set oDelFile = oFS.GetFile(sLogFile)
 oDelFile.Delete
end if
' open log for output and write headers
set oLogFile = oFS.OpenTextFile(sLogFile, FORWRITE, True, ASASCII)
oLogFile.WriteLine "Computer Name; Last Login"
' get active directory ou
set oOU = GetObject("LDAP://" & DEFAULTOU)
' enumerate ou and get list of computers
For Each oComputer in oOU
 Set oMember = GetObject("LDAP://" & oComputer.Name & "," & DEFAULTOU)
 oLogFile.WriteLine mid(oComputer.Name, 4, len(computer.Name)) & "; " &
oMember.LastLogin
 set oMember = nothing
Next

' send message to screen stating that script has finished
WScript.Echo "All righty then.  I am finished  :)"

' release memory and close up shop
oLogFile.close
set oFS = nothing

Hope this helps
-josephc



Quote:
> I am trying to come up with a script that will display computers (not
users)
> that have not logged into my Active Directory for at least 30 days.
Meaning
> I want a way to display computers that have not been used for 30 days..

> Thanks for any help!!



Mon, 07 Nov 2005 21:47:11 GMT  
 Computer Accounts not logged into AD for thirty days
Thank you very much!!!


Quote:
> Here's a script that queries your local DC to get the computer.lastlogin
> value.  This value is not replicated throughout the domain and to get the
> true value you need to query each DC and compare the results.

> This script is not very robust but should help you out.

> Option Explicit
> On Error Resume Next
> '-----------------------------------------------------------
> '
> '         Title: compinfo.vbs
> '   Description: Gets the last time a PC logged onto a domain
> '
> '         Usage: cscript compinfo.vbs
> '          TODO: Change DEFAULTOU and LOGDEST
> '         Notes: * Output is computer name and last login delimited
> '                by semicolon
> '                * LastLogin is not replicated throughout the ad
> '                and script needs to be run on all DCs to determine
> '                true last login value
> '
> '-----------------------------------------------------------

> const ASASCII = 0
> ' default ou.  Edit to reflect your ad structure
> const DEFAULTOU = "ou=computers,dc=your_namespace,dc=com"
> const FORWRITE = 2
> ' destination of log file.  Edit to reflect your log folder
> const LOGDEST = "c:\logs\"

> dim oComputer, oDelFile, oFS, oLogFile, oMember, oOU
> dim sDate, sLogFile, sMsg

> ' format log file name as Windows file names can not contain "/"s
> sDate = CStr(date)
> sDate = Replace(sDate, "/", "-")
> sLogFile = LOGDEST & sDate & ".txt"
> set oFS = CreateObject("Scripting.FileSystemObject")
> ' find and delete duplicate named file -- so it won't append new data to
> existing file
> if (oFS.FileExists(sLogFile)) Then
>  Set oDelFile = oFS.GetFile(sLogFile)
>  oDelFile.Delete
> end if
> ' open log for output and write headers
> set oLogFile = oFS.OpenTextFile(sLogFile, FORWRITE, True, ASASCII)
> oLogFile.WriteLine "Computer Name; Last Login"
> ' get active directory ou
> set oOU = GetObject("LDAP://" & DEFAULTOU)
> ' enumerate ou and get list of computers
> For Each oComputer in oOU
>  Set oMember = GetObject("LDAP://" & oComputer.Name & "," & DEFAULTOU)
>  oLogFile.WriteLine mid(oComputer.Name, 4, len(computer.Name)) & "; " &
> oMember.LastLogin
>  set oMember = nothing
> Next

> ' send message to screen stating that script has finished
> WScript.Echo "All righty then.  I am finished  :)"

> ' release memory and close up shop
> oLogFile.close
> set oFS = nothing

> Hope this helps
> -josephc



> > I am trying to come up with a script that will display computers (not
> users)
> > that have not logged into my Active Directory for at least 30 days.
> Meaning
> > I want a way to display computers that have not been used for 30 days..

> > Thanks for any help!!



Mon, 07 Nov 2005 22:06:04 GMT  
 Computer Accounts not logged into AD for thirty days
Hi,

If you have many DC's, it is easier to check the last date the password was
reset for each computer account. By default, the system resets computer
passwords every 30 days, so if the password was last set 60 days ago, the
machine has been inactive for at least 30 days. The program linked below
dumps out all users and the last time each reset their password to a text
file, which can be imported to a spreadsheet for analysis. It can be easily
modified to document computers instead of users.

http://www.rlmueller.net/PwdLastChanged.htm

The program has comments to modify it for computers. The relevant portion of
the code is:

' Filter to retrieve all user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Filter to retrieve all computer objects.
' strFilter = "(objectCategory=computer)"

Comment out the filter for users and uncomment the filter for computers. I
also have a similar program to determine lastLogon, but in a large network
with slow links it can take a few hours to run.

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--



Quote:
> Thank you very much!!!



> > Here's a script that queries your local DC to get the computer.lastlogin
> > value.  This value is not replicated throughout the domain and to get
the
> > true value you need to query each DC and compare the results.

> > This script is not very robust but should help you out.

> > Option Explicit
> > On Error Resume Next
> > '-----------------------------------------------------------
> > '
> > '         Title: compinfo.vbs
> > '   Description: Gets the last time a PC logged onto a domain
> > '
> > '         Usage: cscript compinfo.vbs
> > '          TODO: Change DEFAULTOU and LOGDEST
> > '         Notes: * Output is computer name and last login delimited
> > '                by semicolon
> > '                * LastLogin is not replicated throughout the ad
> > '                and script needs to be run on all DCs to determine
> > '                true last login value
> > '
> > '-----------------------------------------------------------

> > const ASASCII = 0
> > ' default ou.  Edit to reflect your ad structure
> > const DEFAULTOU = "ou=computers,dc=your_namespace,dc=com"
> > const FORWRITE = 2
> > ' destination of log file.  Edit to reflect your log folder
> > const LOGDEST = "c:\logs\"

> > dim oComputer, oDelFile, oFS, oLogFile, oMember, oOU
> > dim sDate, sLogFile, sMsg

> > ' format log file name as Windows file names can not contain "/"s
> > sDate = CStr(date)
> > sDate = Replace(sDate, "/", "-")
> > sLogFile = LOGDEST & sDate & ".txt"
> > set oFS = CreateObject("Scripting.FileSystemObject")
> > ' find and delete duplicate named file -- so it won't append new data to
> > existing file
> > if (oFS.FileExists(sLogFile)) Then
> >  Set oDelFile = oFS.GetFile(sLogFile)
> >  oDelFile.Delete
> > end if
> > ' open log for output and write headers
> > set oLogFile = oFS.OpenTextFile(sLogFile, FORWRITE, True, ASASCII)
> > oLogFile.WriteLine "Computer Name; Last Login"
> > ' get active directory ou
> > set oOU = GetObject("LDAP://" & DEFAULTOU)
> > ' enumerate ou and get list of computers
> > For Each oComputer in oOU
> >  Set oMember = GetObject("LDAP://" & oComputer.Name & "," & DEFAULTOU)
> >  oLogFile.WriteLine mid(oComputer.Name, 4, len(computer.Name)) & "; " &
> > oMember.LastLogin
> >  set oMember = nothing
> > Next

> > ' send message to screen stating that script has finished
> > WScript.Echo "All righty then.  I am finished  :)"

> > ' release memory and close up shop
> > oLogFile.close
> > set oFS = nothing

> > Hope this helps
> > -josephc



> > > I am trying to come up with a script that will display computers (not
> > users)
> > > that have not logged into my Active Directory for at least 30 days.
> > Meaning
> > > I want a way to display computers that have not been used for 30
days..

> > > Thanks for any help!!



Mon, 07 Nov 2005 22:30:07 GMT  
 Computer Accounts not logged into AD for thirty days
Richard that works awesome, but how can I get it to only dump if the pasword
has not been changed for 60 days as you describe, it is dumping all
computers..



Quote:
> Hi,

> If you have many DC's, it is easier to check the last date the password
was
> reset for each computer account. By default, the system resets computer
> passwords every 30 days, so if the password was last set 60 days ago, the
> machine has been inactive for at least 30 days. The program linked below
> dumps out all users and the last time each reset their password to a text
> file, which can be imported to a spreadsheet for analysis. It can be
easily
> modified to document computers instead of users.

> http://www.rlmueller.net/PwdLastChanged.htm

> The program has comments to modify it for computers. The relevant portion
of
> the code is:

> ' Filter to retrieve all user objects.
> strFilter = "(&(objectCategory=person)(objectClass=user))"

> ' Filter to retrieve all computer objects.
> ' strFilter = "(objectCategory=computer)"

> Comment out the filter for users and uncomment the filter for computers. I
> also have a similar program to determine lastLogon, but in a large network
> with slow links it can take a few hours to run.

> --
> Richard
> Microsoft MVP Scripting and ADSI
> http://www.rlmueller.net
> --



> > Thank you very much!!!



> > > Here's a script that queries your local DC to get the
computer.lastlogin
> > > value.  This value is not replicated throughout the domain and to get
> the
> > > true value you need to query each DC and compare the results.

> > > This script is not very robust but should help you out.

> > > Option Explicit
> > > On Error Resume Next
> > > '-----------------------------------------------------------
> > > '
> > > '         Title: compinfo.vbs
> > > '   Description: Gets the last time a PC logged onto a domain
> > > '
> > > '         Usage: cscript compinfo.vbs
> > > '          TODO: Change DEFAULTOU and LOGDEST
> > > '         Notes: * Output is computer name and last login delimited
> > > '                by semicolon
> > > '                * LastLogin is not replicated throughout the ad
> > > '                and script needs to be run on all DCs to determine
> > > '                true last login value
> > > '
> > > '-----------------------------------------------------------

> > > const ASASCII = 0
> > > ' default ou.  Edit to reflect your ad structure
> > > const DEFAULTOU = "ou=computers,dc=your_namespace,dc=com"
> > > const FORWRITE = 2
> > > ' destination of log file.  Edit to reflect your log folder
> > > const LOGDEST = "c:\logs\"

> > > dim oComputer, oDelFile, oFS, oLogFile, oMember, oOU
> > > dim sDate, sLogFile, sMsg

> > > ' format log file name as Windows file names can not contain "/"s
> > > sDate = CStr(date)
> > > sDate = Replace(sDate, "/", "-")
> > > sLogFile = LOGDEST & sDate & ".txt"
> > > set oFS = CreateObject("Scripting.FileSystemObject")
> > > ' find and delete duplicate named file -- so it won't append new data
to
> > > existing file
> > > if (oFS.FileExists(sLogFile)) Then
> > >  Set oDelFile = oFS.GetFile(sLogFile)
> > >  oDelFile.Delete
> > > end if
> > > ' open log for output and write headers
> > > set oLogFile = oFS.OpenTextFile(sLogFile, FORWRITE, True, ASASCII)
> > > oLogFile.WriteLine "Computer Name; Last Login"
> > > ' get active directory ou
> > > set oOU = GetObject("LDAP://" & DEFAULTOU)
> > > ' enumerate ou and get list of computers
> > > For Each oComputer in oOU
> > >  Set oMember = GetObject("LDAP://" & oComputer.Name & "," & DEFAULTOU)
> > >  oLogFile.WriteLine mid(oComputer.Name, 4, len(computer.Name)) & "; "
&
> > > oMember.LastLogin
> > >  set oMember = nothing
> > > Next

> > > ' send message to screen stating that script has finished
> > > WScript.Echo "All righty then.  I am finished  :)"

> > > ' release memory and close up shop
> > > oLogFile.close
> > > set oFS = nothing

> > > Hope this helps
> > > -josephc



> > > > I am trying to come up with a script that will display computers
(not
> > > users)
> > > > that have not logged into my Active Directory for at least 30 days.
> > > Meaning
> > > > I want a way to display computers that have not been used for 30
> days..

> > > > Thanks for any help!!



Tue, 08 Nov 2005 00:01:21 GMT  
 Computer Accounts not logged into AD for thirty days

Quote:
> Richard that works awesome, but how can I get it to only dump if the pasword
> has not been changed for 60 days as you describe, it is dumping all
> computers..

Surely you could just pipe the output of richards script to a text file. and then paste that text file to excel and then sort by date. I haven't seen Richards run but I think I stole most of the code he uses and put it in this one that I use....

---------- begin script-------------
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
  & "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
  lngBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
  lngBias = 0
  For k = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(k) * 256^k)
  Next
End If

Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, pwdLastSet, whenChanged from 'LDAP://DC=NNA,DC=IMRAC,DC=NET' " _
        & "where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Wscript.Echo "Computer Name" & vbtab & "PWD Last Set" & vbtab & "Last Seen"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    lngDate = objRecordSet.Fields("pwdLastSet")
      On Error Resume Next
      Err.Clear
    Set objDate = lngDate
   If Err.Number <> 0 Then
      Err.Clear
      On Error GoTo 0
      dtmDate = #1/1/1601#
   Else
     On Error GoTo 0
     dtmDate = Integer8Date(objDate, lngBias)
   End If
'Wscript.echo dtmDate
    Wscript.Echo objRecordSet.Fields("Name").Value & vbtab & dtmDate & vbtab & objRecordSet.Fields("whenChanged").Value
    objRecordSet.MoveNext
Loop

Function Integer8Date(objDate, lngBias)
' Function to convert Integer8 (64-bit) value to a date,
' adjusted for time zone bias.
Dim lngAdjust, lngDate
  lngAdjust = lngBias
  If (objDate.HighPart = 0) And (objDate.LowPart = 0) Then
    lngAdjust = 0
  End If
  lngDate = #1/1/1601# + (((objDate.HighPart * (2 ^ 32)) _
    + objDate.LowPart) / 600000000 - lngAdjust) / 1440
  Integer8Date = CDate(lngDate)
End Function
-------------- end script ----------------

if you run this code using cscript //nologo nameofscript.txt > output.txt

you can open output.txt and you have a tab delimited file that is perfect for pasting into excel. This isn't to say that I wouldn't love to see the code to filter out the things not older then 30 days, I just don't know how to do it myself, I've never had luck matching dates.



Tue, 08 Nov 2005 02:49:56 GMT  
 Computer Accounts not logged into AD for thirty days
Actually having posted that I've now decided that I have the exact same question. Below is a snippet of code that I worked on last week when I was trying to do about the same thing. I decided that it would be best to filter out in the query the information I didn't want based on date. In this case the date is in Generalized time format but I had to set my query in UTC

-------- Begin Snippet---------------
CurrentUTC = DatePart("yyyy", Date)
'now add Month in mm if only M add leading 0
if DatePart("m" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("m" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("m" , Now)
end if
'now add Day in dd if only d add leading 0
if DatePart("d" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("d" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("d" , Now)
end if
'since i'm not worried about hour, minute, second and etc just tag the rest on
'if I was i would continue on like this.
CurrentUTC = CurrentUTC&"000001.0Z"
'now we have set UTC lets get the info

'myDelim = Chr(44) 'comma
myDelim = Vbtab 'tab
Const ADS_SCOPE_SUBTREE = 2
Const ForAppending = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

'LOOK HERE!!!!
'OK this is the important part

objCommand.CommandText = _
    "Select Name, mail, createTimeStamp, title, telephoneNumber, logonCount, whenCreated from 'LDAP://DC=nna,DC=imrac,DC=net' " & "where objectCategory='person' and Name<>'SystemMailbox*' and objectclass='user' and whenCreated = CurrentUTC"

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (".\usrqry.txt", ForAppending, True)
Set objRecordSet = objCommand.Execute
if header = 1 then
    objTextFile.WriteLine "Name" & myDelim & "email address" & myDelim & "Created" & myDelim & "Phone Number" & myDelim & "Exchange DB"
End if
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim & objRecordSet.Fields("mail").Value & myDelim & objRecordSet.Fields("createTimeStamp").Value & myDelim & objRecordSet.Fields("telephoneNumber").Value & myDelim & objRecordSet.Fields("homeMDB").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & objRecordSet.Fields("mail").Value & "," & objRecordSet.Fields("whenCreated").Value & "," & objRecordSet.Fields("telephoneNumber").Value
'    Else
'    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim & "!!!NO EMAIL HERE!!!" & myDelim & objRecordSet.Fields("createTimeStamp").Value & myDelim & objRecordSet.Fields("telephoneNumber").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & "!!!NO EMAIL HERE!!!" & "," & objRecordSet.Fields("whenCreated").Value & "," & objRecordSet.Fields("telephoneNumber").Value
    end if
    objRecordSet.MoveNext
Loop
End Sub
------------- end snippet -------------

Sorry hope that isn't to much to process, I could have cut alot of it out becuase there are only a few things that are pertinent. My question is that when I do my select and try to make it query based on CurrentUTC (the variable I defined earlier) I get an error. If I explicitly write out the UTCdate in the select statement it works. so what did I do wrong? or if it is easier what did I do right?



Tue, 08 Nov 2005 03:13:05 GMT  
 Computer Accounts not logged into AD for thirty days
Hi,

I think the easiest solution is to use the DateDiff function in the final
loop in the program. For example, here is the final loop revised to only
output if PwdLastSet is over 60 days in the past:

Do Until objRecordSet.EOF
  strDN = objRecordSet.Fields("distinguishedName")
  lngFlag = objRecordSet.Fields("userAccountControl")
  blnPwdExpire = True
  If (lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
    blnPwdExpire = False
  End If
  If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
    blnPwdExpire = False
  End If
  lngDate = objRecordSet.Fields("pwdLastSet")
  Set objDate = lngDate
  dtmPwdLastSet = Integer8Date(objDate, lngBias)
  If DateDiff("d", dtmPwdLastSet, Now) > 60 Then
    objFile.WriteLine strDN & " ; " & blnPwdExpire & " ; " & dtmPwdLastSet
  End If
  objRecordSet.MoveNext
Loop

Note you can't filter in the ADO code because the attribute is Integer8. For
computer objects blnPwdExpire will always be true.

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--

Actually having posted that I've now decided that I have the exact same
question. Below is a snippet of code that I worked on last week when I was
trying to do about the same thing. I decided that it would be best to filter
out in the query the information I didn't want based on date. In this case
the date is in Generalized time format but I had to set my query in UTC

-------- Begin Snippet---------------
CurrentUTC = DatePart("yyyy", Date)
'now add Month in mm if only M add leading 0
if DatePart("m" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("m" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("m" , Now)
end if
'now add Day in dd if only d add leading 0
if DatePart("d" , Now) < 10 then
   CurrentUTC = CurrentUTC & 0 & DatePart("d" , Now)
  else
   CurrentUTC = CurrentUTC & DatePart("d" , Now)
end if
'since i'm not worried about hour, minute, second and etc just tag the rest
on
'if I was i would continue on like this.
CurrentUTC = CurrentUTC&"000001.0Z"
'now we have set UTC lets get the info

'myDelim = Chr(44) 'comma
myDelim = Vbtab 'tab
Const ADS_SCOPE_SUBTREE = 2
Const ForAppending = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

'LOOK HERE!!!!
'OK this is the important part

objCommand.CommandText = _
    "Select Name, mail, createTimeStamp, title, telephoneNumber, logonCount,
whenCreated from 'LDAP://DC=nna,DC=imrac,DC=net' " & "where
objectCategory='person' and Name<>'SystemMailbox*' and objectclass='user'
and whenCreated = CurrentUTC"

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (".\usrqry.txt", ForAppending, True)
Set objRecordSet = objCommand.Execute
if header = 1 then
    objTextFile.WriteLine "Name" & myDelim & "email address" & myDelim &
"Created" & myDelim & "Phone Number" & myDelim & "Exchange DB"
End if
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim &
objRecordSet.Fields("mail").Value & myDelim &
objRecordSet.Fields("createTimeStamp").Value & myDelim &
objRecordSet.Fields("telephoneNumber").Value & myDelim &
objRecordSet.Fields("homeMDB").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," &
objRecordSet.Fields("mail").Value & "," &
objRecordSet.Fields("whenCreated").Value & "," &
objRecordSet.Fields("telephoneNumber").Value
'    Else
'    objTextFile.WriteLine objRecordSet.Fields("Name").Value & myDelim &
"!!!NO EMAIL HERE!!!" & myDelim &
objRecordSet.Fields("createTimeStamp").Value & myDelim &
objRecordSet.Fields("telephoneNumber").Value
'    wscript.echo objRecordSet.Fields("Name").Value & "," & "!!!NO EMAIL
HERE!!!" & "," & objRecordSet.Fields("whenCreated").Value & "," &
objRecordSet.Fields("telephoneNumber").Value
    end if
    objRecordSet.MoveNext
Loop
End Sub
------------- end snippet -------------

Sorry hope that isn't to much to process, I could have cut alot of it out
becuase there are only a few things that are pertinent. My question is that
when I do my select and try to make it query based on CurrentUTC (the
variable I defined earlier) I get an error. If I explicitly write out the
UTCdate in the select statement it works. so what did I do wrong? or if it
is easier what did I do right?



Tue, 08 Nov 2005 09:12:32 GMT  
 Computer Accounts not logged into AD for thirty days


Quote:
> Hi,

> I think the easiest solution is to use the DateDiff function in the final
> loop in the program. For example, here is the final loop revised to only
> output if PwdLastSet is over 60 days in the past:

> Do Until objRecordSet.EOF
>   strDN = objRecordSet.Fields("distinguishedName")
>   lngFlag = objRecordSet.Fields("userAccountControl")
>   blnPwdExpire = True
>   If (lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
>     blnPwdExpire = False
>   End If
>   If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
>     blnPwdExpire = False
>   End If
>   lngDate = objRecordSet.Fields("pwdLastSet")
>   Set objDate = lngDate
>   dtmPwdLastSet = Integer8Date(objDate, lngBias)
>   If DateDiff("d", dtmPwdLastSet, Now) > 60 Then
>     objFile.WriteLine strDN & " ; " & blnPwdExpire & " ; " & dtmPwdLastSet
>   End If
>   objRecordSet.MoveNext
> Loop

> Note you can't filter in the ADO code because the attribute is Integer8. For
> computer objects blnPwdExpire will always be true.

Could I filter in the ADO code based on the whenCreated field?, Maybe I should start a new thread as it seems I have a totally different question but it seemed in context when I asked it.


Tue, 08 Nov 2005 21:45:53 GMT  
 Computer Accounts not logged into AD for thirty days
That worked out beutifully Richard thank you!!




Quote:
> Hi,

> I think the easiest solution is to use the DateDiff function in the final
> loop in the program. For example, here is the final loop revised to only
> output if PwdLastSet is over 60 days in the past:

> Do Until objRecordSet.EOF
>   strDN = objRecordSet.Fields("distinguishedName")
>   lngFlag = objRecordSet.Fields("userAccountControl")
>   blnPwdExpire = True
>   If (lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
>     blnPwdExpire = False
>   End If
>   If (lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
>     blnPwdExpire = False
>   End If
>   lngDate = objRecordSet.Fields("pwdLastSet")
>   Set objDate = lngDate
>   dtmPwdLastSet = Integer8Date(objDate, lngBias)
>   If DateDiff("d", dtmPwdLastSet, Now) > 60 Then
>     objFile.WriteLine strDN & " ; " & blnPwdExpire & " ; " & dtmPwdLastSet
>   End If
>   objRecordSet.MoveNext
> Loop

> Note you can't filter in the ADO code because the attribute is Integer8.
For
> computer objects blnPwdExpire will always be true.

Could I filter in the ADO code based on the whenCreated field?, Maybe I
should start a new thread as it seems I have a totally different question
but it seemed in context when I asked it.


Tue, 08 Nov 2005 21:53:21 GMT  
 
 [ 10 post ] 

 Relevant Pages 

1. setting description on a computer account in AD

2. Adding a computer account to an AD group

3. AD Error when removing computer accounts via script.

4. setting description on a computer account in AD

5. automatic create user account, computer account in 2000 server

6. Enumerate list of user accounts that have not logged in for 30 days in Active Directory?

7. Checking for Account Lockout property: AD

8. AD Account Mgmt

9. Displaying when days until Password Expires in AD

10. List All User accounts in AD

11. change the cn or name ldap field for an AD user account

12. How to Retrieve Events For One Day From An Event Log on Windows 2000/NT

 

 
Powered by phpBB® Forum Software