No announcement yet.

Auditing Users

  • Filter
  • Time
  • Show
Clear All
new posts

  • Auditing Users

    Is there any way of running a script against AD to show my how many users account we have?

    I would need this script to not include the following:

    Exchange team mailboxes
    Service accounts
    System Accounts

    This would simply just need to display staff accounts.

    Any suggestions?

  • #2
    Re: Auditing Users


    There are plenty of scripts on the net for that ... and for the langage... it's up to you.
    (Adfind, AD module for PS, VBS ...)

    Now about your request, you should work on the output with Excel and filters ... far easier with Excel than trying to implement filters in the script. (and depends highly on naming convention of users, slower to execute etc ...).



    • #3
      Re: Auditing Users

      I already have an AD query which displays all the users which I can export to Excel but this brings back all user accounts.

      How do I differentiate between service account users, system account users & actual user accounts which belong to people. Is this even possible?


      • #4
        Re: Auditing Users


        I'm afraid AD doesnt make this difference : System/service/user.
        To my knowledge, AD stores Account as "User Class"...

        So it's depending only on the usage YOU are doing with these accounts...

        That's why I told before, it's relying on naming convention ...
        Quick example : svc.xxxxxx for a service account ; adm.xxxxxx : for an admin / privileged account ...

        Some people set on Service accounts the option "user cannot change password" and/or "password never expires" , if you have this information on your extract , it can works...
        The OU where you store accounts can be a good filter.
        The PwdLastSet attribute maybe ; or membership to a particular group.

        But as long as AD stores an account as "User Class" ; it's not possible with a simple query. The filter relies mainly on your knowledge of the naming convention / OU structure.


        Another, heavy way, is to query with WMI, each computer object and check for services and get their "runas" setting.
        With this extract, you cross both list to extract only "people" user accounts.

        Maybe this looks interesting for you (I didn't test it )

        Last edited by Mazette; 6th December 2013, 14:40.