Script
Is there a script that can be used for AD that will allow me to find old accounts that haven't been logged in to for a while, so i can make sure the accounts are disabled.
May 11th, 2012 4:26pm

Multiple methods but Richard Mueller DS MVP has a bunch of good scripts. http://www.rlmueller.net/Last%20Logon.htmJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 12th, 2012 2:56pm

Is this for user or computer accounts? Regardless, the dsquery command will give you a rough idea. The commands below will show, respectively, user and computer accounts that have not logged on for 12 weeks: dsquery user domainroot -inactive 12 dsquery computer domainroot -inactive 12 What is your domain functional level? dsquery uses the LastLogonTimeStamp attribute which IS replicated to all domain controllers (as opposed to the LastLogon attribute). But that attribute is only used in W2K3 DFL (and above presumably). A word of caution: the attribute in question replicates weekly so it can be "off" by as much as 7 days (according to Joe Richards, I have also seen 14 days). So as I said, a rough idea. Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
May 13th, 2012 8:13am

Hi Raynard Any update on this thread, Did you try the Script they provide? CheersZi Feng TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2012 10:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics