RE: [ActiveDir] LDAP & LastLogin for Computers

[Roger Seielstad]

Title: Message

You're doing this the hard way.   Its far easier to know that computers will change their password automatically after 30 days. Look for any computer account with a password age say greater than 90 days and then take action. Keep in mind also that password age (in the form of the date the password was last set) is a replicated attribute within a domain, so you only need to query a single DC.   Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -----Original Message----- From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 10:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP & LastLogin for Computers I'm getting the computer "lastlogin" attribute, which as I understand it is the most recent time that the workstation authenticated to a domain controller. I believe the oldest this timestamp would be is the last time the machine started up. Also, lastlogin is not a replicated attribute, so you have to check either all of the domain controllers or at a minimum all of the domain controllers in the workstation's site in order to get an accurate value. I'll send you a copy of the script separately.   Hunter From: Glenn Corbett [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 7:28 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] LDAP & LastLogin for Computers Hunter,   Are you actually querying the workstation, or just the user accounts ? If your finding out when a computer was last logged onto, I would LOVE to have a copy of the script as well (so I can kick our desktop support guys in the bum to clean up *MY* AD) *grin*   Glenn [EMAIL PROTECTED]     ----- Original Message ----- From: Coleman, Hunter To: '[EMAIL PROTECTED]' Sent: Thursday, August 07, 2003 3:48 AM Subject: RE: [ActiveDir] LDAP & LastLogin for Computers I've sent you off-list a copy of a script we use to get this information. Hope it helps   Hunter From: England, Christopher M [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] LDAP & LastLogin for Computers Greetings all, I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck? What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not. Any suggestions would be great! Thanks, Chris --------------------------------------------------------- Christopher England Server Administrator MCSA, Server+, Network+, A+ College Information Technology Office Indiana University