Announcement

Collapse
No announcement yet.

VB Script to find unused AD accounts

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VB Script to find unused AD accounts

    Dear members,

    Can someone help me to get a VB script where I can retrive all unused Ad account in my domain and export all data to excel.

    Thanks in advance.
    Last edited by Taw; 1st February 2011, 16:25.

  • #2
    Re: VB Script to find unused AD accounts

    Use dsquery. The -inactive #weeks switch can be used to filter for inactivity.

    -vP

    Comment


    • #3
      Re: VB Script to find unused AD accounts

      Originally posted by Taw View Post
      Dear members,

      Can someone help me to get a VB script where I can retrive all unused Ad account in my domain and export all data to excel.

      Thanks in advance.
      Or,

      OldCmp is a command line Active Directory query tool. Primarily used to find and cleanup old computer accounts that haven't been used. Can also be used to clean up old user accounts when the proper filter is specified. [ usage ]

      /llts /age 90 switches (designated by - or /):
      Accounts not logged in last 90-days. NOTE, the switch llts can only be used when a new attribute called lastLogonTimeStamp is available.
      If your domain is at Windows Server 2003 functional level, there is this new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts.

      /report /format CSV /rsort LLTS switches (designated by - or /):
      Report Format is Delimited Text. Reverse Sort by lastLogonTimestamp


      Note:

      DSQUERY -inactive <NumWeeks>

      The reason for the inactive argument is not in 'days' is, dsquery reads the lastLogonTimeStamp attribute for this. And again, this new attribute is only used in
      Windows Server 2003 DFL mode!!
      When DFL is not 2k3, then use the pwdLastSet attribute for for age options.
      Or/And,, like you requested,
      use a vbscript: http://www.rlmueller.net/Last%20Logon.htm
      By adjusting the samples you can make the values comma separated. A csv file you easily can import in Excel.

      It is possible the script writes directly to a worksheet format: http://forums.petri.com/showpost.php...78&postcount=3


      \Rems
      Last edited by Rems; 1st February 2011, 21:39.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: VB Script to find unused AD accounts

        Will those two methods work on a 2008R2 and/or a windows server 2000 server also?
        "To err is human but to really **** things up requires a computer user..."

        "The path to enlightenment is /user/bin/enlightenment"

        A+ CE

        Comment

        Working...
        X