Im trying to generate a report of disabled accounts that were disabled X number of
days ago.
Getting a report of which accounts are disabled was fairly straightforward* but I
cannot find anything that will tell me when the account WAS disabled. I was wondering
if anyone could tell me if such information is stored in AD or how to approximate the
date. Right now Im thinking of pulling the last logon times from the domain
controllers to ballpark the amount of time the accounts could have been disabled but
thats a stopgap at best.
Any tips or pointers would be greatly appreciated.
Clyde Burns
* VB6 code to generate report
Set rootDSE = GetObject("LDAP://RootDSE";)
Set Ou = GetObject("LDAP://"; & "CN=Users," & _
rootDSE.Get("defaultNamingContext"))
Ou.Filter = Array("user")
For Each Child In Ou
Debug.Print _
Chr(34) & Child.sAMAccountName & Chr(34) & Chr(44) & _
Chr(34) & Child.DisplayName & Chr(34) & Chr(44) & _
Chr(34) & Child.accountdisabled & Chr(34)
Next
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
