Can CSVDE export active users only?
Whats the fastest way to get a count of the active users in AD? Just need to know how many are active for billing purposes?Trevor Fielder
March 17th, 2011 8:39am

AFAIK, this is not possible using CSVDE. You can develop logon and logoff scripts so that you get the information you want. Once done, you can deploy them using group policies. To develop such scripts, I recommand to you to post in "The Official Scripting Guys Forum!". You can also try to use AD Manager Plus to determine inactive users (even inactive computers). This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2011 8:42am

If it helps to find user accounts not used recently, you can use Joe Richards' free oldcmp utility to identify "stale" user accounts. See this link (including the usage documentation linked at the bottom of the page): http://www.joeware.net/freetools/tools/oldcmp/index.htm Once you know how many accounts are "stale", you can subtract from the total of enabled users to determine the number of "active" users. Richard Mueller - MVP Directory Services
March 17th, 2011 9:03am

You can use the dsquery utility (available on DC's with W2k3 or above) with the Find command to get useful information. For example, to count the total number of users in your domain: dsquery * -filter "(&(objectCategory=person)(objectClass=user))" -limit 0 | find /c /i "cn=" To count the number of enabled users: dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -limit 0 | find /c /i "cn=" To count the number of users that have changed their password since January 1, 2011: dsquery * -filter "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=129383316000000000))" -limit 0 | find /c /i "cn=" To count the number of users that have logged on since January 1, 2011: dsquery * -filter "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp>=129383316000000000))" -limit 0 | find /c /i "cn=" The last works if your domain is at Windows Server 2003 functional level or above. I used the following VBScript program to convert the date "January 1, 2011" into the large 64-bit integer that can be compared to the pwdLastSet and lastLogonTimeStamp attributes: http://www.rlmueller.net/Programs/DateToInteger8.txt I think you can also do this conversion in PowerShell, but I haven't figured out how yet. Finally, "dsquery user" has the -stalepwd and -inactive switches that you can use. Check the help at a command prompt of a DC. To count the number of users with a stale password at least 75 days old: dsquery user -stalepwd 75 | find /c /i "cn=" Similarily, to count users that have been inactive for the last 10 weeks: dsquery user -inactive 10 | find /c /i "cn=" This last example uses the lastLogonTimeStamp attribute of the users, so the domain must be at Windows Server 2003 functional level or better. Richard Mueller - MVP Directory Services
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2011 10:05am

I figured out how to use PowerShell to get the large 64-bit integer that corresponds to any date. For example, to get the integer that corresponds to January 1, 2011: $Date = [DateTime]"January 1, 2011" $Zero = [DateTime]"January 1, 1601" $Date.Ticks - $Zero.Ticks This results in a similar number to the one I used above, 129383136000000000. The difference is due to time zone. The PowerShell values are all in UTC, while the VBScript program converts to the local time zone. The difference, 180,000,000,000 ticks is equivalent to the 6 hours my time zone differs from UTC. You could adjust $Date from your time zone into UTC to take this into account. Richard Mueller - MVP Directory Services
March 17th, 2011 10:41am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics