#28575 - 2002-09-18 01:56 AM
Re: Old computer/user accounts in an NT4 domain.
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
#28576 - 2002-09-18 02:10 AM
Re: Old computer/user accounts in an NT4 domain.
Chris S.
MM club member
Registered: 2002-03-18
Posts: 2368
Loc: Earth
Not sure what Howard's reply is, but my script does check for accounts set to 'never expire.'
Anyway, here it is... (oh, and the AllFlags() is by NewMexicoMark)
code:
break on
cls

; ADS UserFlags typedef
$ADS_UF_SCRIPT = &1
$ADS_UF_ACCOUNTDISABLE = &2
$ADS_UF_HOMEDIR_REQUIRED = &8
$ADS_UF_LOCKOUT = &10
$ADS_UF_PASSWD_NOTREQD = &20
$ADS_UF_PASSWD_CANT_CHANGE = &40
$ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &80
$ADS_UF_TEMP_DUPLICATE_ACCOUNT = &100
$ADS_UF_NORMAL_ACCOUNT = &200
$ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = &800
$ADS_UF_WORKSTATION_TRUST_ACCOUNT = &1000
$ADS_UF_SERVER_TRUST_ACCOUNT = &2000
$ADS_UF_DONTEXPIREPASSWD = &10000
$ADS_UF_MNS_LOGON_ACCOUNT = &20000
$ADS_UF_SMARTCARD_REQUIRED = &40000
$ADS_UF_TRUSTED_FOR_DELEGATION = &80000
$ADS_UF_NOT_DELEGATED = &100000

; Send the report to a file next to the script
$nul = redirectoutput(@scriptdir + "\expiredaccounts.txt", 1)

$user = getobject("WinNT://@domain")
$user.filter = "User",""
for each $u in $user
  $objUser = getobject("WinNT://@domain/" + $u.name)
  ; Both ages are returned in seconds; convert to days
  $MaxAge = $objUser.MaxPasswordAge / 86400
  $PsdAge = $objUser.PasswordAge / 86400
  if $MaxAge <= $PsdAge
    $UserFlags = $objUser.Get("UserFlags")
    ; List the account only if it is neither set to never expire nor disabled
    if AllFlags($UserFlags, $ADS_UF_DONTEXPIREPASSWD)=0 and AllFlags($UserFlags, $ADS_UF_ACCOUNTDISABLE)=0
      ? $objUser.name " " $maxage - $psdage " " $objUser.LastLogin
    endif
  endif
next

; Returns 1 if every bit of $iTst is set in $iNum, otherwise 0
FUNCTION AllFlags($iNum, $iTst)
  $iNum = Val($iNum)
  $iTst = Val($iTst)
  IF $iTst = 0
    $AllFlags = 0
    EXIT
  ENDIF
  $AllFlags = (($iNum & $iTst) = $iTst)
ENDFUNCTION
I ran this code versus a report from Hyena and it matched it user by user.
|
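The flag test and password-age comparison from the script above, as an added Python example that is not part of the original post: it runs the same filter over a tab-delimited export and also decodes each listed account's UserFlags so a reviewer can see bits such as PASSWD_NOTREQD. The column names and the sample accounts are constructed for illustration.

```python
import csv
import io

# UserFlags bits (subset), same values as the $ADS_UF_* constants in the script.
FLAGS = {
    "SCRIPT": 0x1,
    "ACCOUNTDISABLE": 0x2,
    "LOCKOUT": 0x10,
    "PASSWD_NOTREQD": 0x20,
    "NORMAL_ACCOUNT": 0x200,
    "WORKSTATION_TRUST_ACCOUNT": 0x1000,
    "DONTEXPIREPASSWD": 0x10000,
}
SECONDS_PER_DAY = 86400

def decode_flags(user_flags):
    """Return the names of all known bits set in a UserFlags value."""
    return [name for name, bit in FLAGS.items() if (user_flags & bit) == bit]

def expired_accounts(tsv_text):
    """Return (name, days_overdue, flag_names) for enabled accounts whose
    password has reached the maximum age and is not exempt from expiry."""
    hits = []
    for row in csv.DictReader(io.StringIO(tsv_text), delimiter="\t"):
        age = int(row["PasswordAge"])         # seconds
        max_age = int(row["MaxPasswordAge"])  # seconds
        names = decode_flags(int(row["UserFlags"]))
        if age < max_age:
            continue  # password still within policy
        if "DONTEXPIREPASSWD" in names or "ACCOUNTDISABLE" in names:
            continue  # exempt from expiry, or already disabled
        hits.append((row["Name"], (age - max_age) // SECONDS_PER_DAY, names))
    return hits

# Constructed sample export: hypothetical accounts, 42-day maximum password age.
SAMPLE = "\n".join([
    "Name\tUserFlags\tPasswordAge\tMaxPasswordAge",
    "jsmith\t513\t5184000\t3628800",         # 60 days old, plain account
    "svc_backup\t66049\t34560000\t3628800",  # 400 days old, never expires
    "old_temp\t515\t7776000\t3628800",       # 90 days old, disabled
    "akhan\t513\t864000\t3628800",           # 10 days old, within policy
    "mlee\t545\t3628800\t3628800",           # exactly at the limit, no password required
])

if __name__ == "__main__":
    for name, overdue, names in expired_accounts(SAMPLE):
        print(f"{name}\t{overdue}\t{','.join(names)}")
```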
#28577 - 2002-09-18 02:32 AM
Re: Old computer/user accounts in an NT4 domain.
Howard Bullock
Chris, I don't doubt the script works. I was just having an off-line discussion about my tools and his current project.
He may be able to just use your code.
#28578 - 2002-09-18 02:40 AM
Re: Old computer/user accounts in an NT4 domain.
Chris S.
Oh, I'm not upset or anything if that is what you got out of my last post. I was just posting the code that I was talking about earlier. And, I wanted to point out to Doc that it did check the 'never expire' flag.
#28580 - 2002-09-18 04:22 AM
Re: Old computer/user accounts in an NT4 domain.
Chris S.
That's exactly what I do. I usually pull the info out in a tab-delimited text file, copy it into Excel real fast and go over the results. When I'm ready to script the 'deletions' I pipe in the user or computer names into another 'deletion' script.
#28581 - 2002-09-18 04:43 AM
Re: Old computer/user accounts in an NT4 domain.
Howard Bullock
I found that there is seldom a mistake (never to date) using the password age in our environment.
If there was one I'd use Netdom to have the computer rejoin the domain.
code:
NETDOM JOIN machine /Domain:domain [/OU:ou path] [/UserD:user] [/PasswordD:[password | *]] [/UserO:user] [/PasswordO:[password | *]] [/REBoot[:Time in seconds]]
But in our domain architecture "real" servers (not to be confused with someone running NT server at their desk) are managed in their own domain where the data center admins would manage the domain closely. (I would hope)
[ 18. September 2002, 04:50: Message edited by: Howard Bullock ]
#28584 - 2002-09-18 06:17 PM
Re: Old computer/user accounts in an NT4 domain.
Howard Bullock
Yes, that makes sense. I will have to put a disclaimer on the web site raising that possibility. Thanks for following up.
[ 18. September 2002, 18:17: Message edited by: Howard Bullock ]
#28585 - 2002-12-04 08:59 PM
Re: Old computer/user accounts in an NT4 domain.
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
Dear,
To get information on the last logon we are using something similar in our script logon.kix. It creates dynamic lists based on @userid, @wksta and @ipaddressX.
Greetings.
btw: symbol on our homepage has been linked to related http://kixtart.org topic.