There is an amazing pack of free network admin tools. click here to download it
Remote Support Software
Provide instant remote support to customers and employees:
Click here for a free trial
Provide instant remote support to customers and employees:
Click here for a free trial
Can CSVDE export active users only?
Whats the fastest way to get a count of the active users in AD? Just need to know how many are active for billing purposes?Trevor Fielder
There is an amazing pack of free network admin tools. click here to download it
There is an amazing pack of free network admin tools. click here to download it
March 17th, 2011 8:39am
AFAIK, this is not possible using CSVDE.
You can develop logon and logoff scripts so that you get the information you want. Once done, you can deploy them using group policies.
To develop such scripts, I recommand to you to post in "The Official Scripting Guys Forum!".
You can also try to use
AD Manager Plus to determine inactive users (even inactive computers).
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Need to support users over the internet? click here try our remote control online beta
You can develop logon and logoff scripts so that you get the information you want. Once done, you can deploy them using group policies.
To develop such scripts, I recommand to you to post in "The Official Scripting Guys Forum!".
You can also try to use
AD Manager Plus to determine inactive users (even inactive computers).
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Need to support users over the internet? click here try our remote control online beta
March 17th, 2011 8:42am
If it helps to find user accounts not used recently, you can use Joe Richards' free oldcmp utility to identify "stale" user accounts. See this link (including the usage documentation linked at the bottom of the page):
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Once you know how many accounts are "stale", you can subtract from the total of enabled users to determine the number of "active" users.
Richard Mueller - MVP Directory Services
There is an amazing pack of free network admin tools. click here to download it
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Once you know how many accounts are "stale", you can subtract from the total of enabled users to determine the number of "active" users.
Richard Mueller - MVP Directory Services
There is an amazing pack of free network admin tools. click here to download it
March 17th, 2011 9:03am
You can use the dsquery utility (available on DC's with W2k3 or above) with the Find command to get useful information. For example, to count the total number of users in your domain:
dsquery * -filter "(&(objectCategory=person)(objectClass=user))" -limit 0 | find /c /i "cn="
To count the number of enabled users:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -limit 0 | find /c /i "cn="
To count the number of users that have changed their password since January 1, 2011:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=129383316000000000))" -limit 0 | find /c /i "cn="
To count the number of users that have logged on since January 1, 2011:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp>=129383316000000000))" -limit 0 | find /c /i "cn="
The last works if your domain is at Windows Server 2003 functional level or above. I used the following VBScript program to convert the date "January 1, 2011" into the large 64-bit integer that can be compared to the pwdLastSet and lastLogonTimeStamp attributes:
http://www.rlmueller.net/Programs/DateToInteger8.txt
I think you can also do this conversion in PowerShell, but I haven't figured out how yet. Finally, "dsquery user" has the -stalepwd and -inactive switches that you can use. Check the help at a command prompt of a DC. To count the number of users with a stale
password at least 75 days old:
dsquery user -stalepwd 75 | find /c /i "cn="
Similarily, to count users that have been inactive for the last 10 weeks:
dsquery user -inactive 10 | find /c /i "cn="
This last example uses the lastLogonTimeStamp attribute of the users, so the domain must be at Windows Server 2003 functional level or better.
Richard Mueller - MVP Directory Services
Need to support users over the internet? click here try our remote control online beta
dsquery * -filter "(&(objectCategory=person)(objectClass=user))" -limit 0 | find /c /i "cn="
To count the number of enabled users:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -limit 0 | find /c /i "cn="
To count the number of users that have changed their password since January 1, 2011:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=129383316000000000))" -limit 0 | find /c /i "cn="
To count the number of users that have logged on since January 1, 2011:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp>=129383316000000000))" -limit 0 | find /c /i "cn="
The last works if your domain is at Windows Server 2003 functional level or above. I used the following VBScript program to convert the date "January 1, 2011" into the large 64-bit integer that can be compared to the pwdLastSet and lastLogonTimeStamp attributes:
http://www.rlmueller.net/Programs/DateToInteger8.txt
I think you can also do this conversion in PowerShell, but I haven't figured out how yet. Finally, "dsquery user" has the -stalepwd and -inactive switches that you can use. Check the help at a command prompt of a DC. To count the number of users with a stale
password at least 75 days old:
dsquery user -stalepwd 75 | find /c /i "cn="
Similarily, to count users that have been inactive for the last 10 weeks:
dsquery user -inactive 10 | find /c /i "cn="
This last example uses the lastLogonTimeStamp attribute of the users, so the domain must be at Windows Server 2003 functional level or better.
Richard Mueller - MVP Directory Services
Need to support users over the internet? click here try our remote control online beta
March 17th, 2011 10:05am
I figured out how to use PowerShell to get the large 64-bit integer that corresponds to any date. For example, to get the integer that corresponds to January 1, 2011:
$Date = [DateTime]"January 1, 2011"
$Zero = [DateTime]"January 1, 1601"
$Date.Ticks - $Zero.Ticks
This results in a similar number to the one I used above, 129383136000000000. The difference is due to time zone. The PowerShell values are all in UTC, while the VBScript program converts to the local time zone. The difference, 180,000,000,000 ticks
is equivalent to the 6 hours my time zone differs from UTC. You could adjust $Date from your time zone into UTC to take this into account.
Richard Mueller - MVP Directory Services
There is an amazing pack of free network admin tools. click here to download it
$Date = [DateTime]"January 1, 2011"
$Zero = [DateTime]"January 1, 1601"
$Date.Ticks - $Zero.Ticks
This results in a similar number to the one I used above, 129383136000000000. The difference is due to time zone. The PowerShell values are all in UTC, while the VBScript program converts to the local time zone. The difference, 180,000,000,000 ticks
is equivalent to the 6 hours my time zone differs from UTC. You could adjust $Date from your time zone into UTC to take this into account.
Richard Mueller - MVP Directory Services
There is an amazing pack of free network admin tools. click here to download it
March 17th, 2011 10:41am
This topic is archived. No further replies will be accepted.
Other recent topics
