Thanks for the feedback, Robbie.  Not precisely certain about the
situation.  I'd have to do more investigation on it.  Provided a
sufficiently long period of time, it would probably be okay.  I was
looking to trim at a 30 day time frame.  During some of the searches, I
did note some active machines that hadn't reset their machine account
passwords recently.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen
Sent: Wednesday, October 29, 2003 11:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Record Timestamp

There are a couple of ways you can get it.  If you are a command line
hacker, you could use this:
        dnscmd . /enumrecords rallencorp.com foobar /detail | findstr
dwTimeStamp

If you are looking to do it via VBScript or Perl, then you'll want to
look
at the MicrosoftDNS_ResourceRecord WMI class.  It has a Timestamp
property:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns
/mic
rosoftdns_resourcerecord.asp
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dn
s/mi
crosoftdns_resourcerecord.asp> 

BTW, in what situation does password change date not work if you use a
sufficiently long expiration period?

Robbie Allen
http://www.rallenhome.com/ <http://www.rallenhome.com/> 

>  -----Original Message-----
> From:         Marcus Oh [mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> ] 
> Sent: Wednesday, October 29, 2003 8:54 PM
> To:   [EMAIL PROTECTED]
> Subject:      [ActiveDir] DNS Record Timestamp
> 
> Curious if anyone knows if the DNS record timestamp can be exposed by
> script?  I'm working on a script to delete old machine accounts.
Problem
> is, machine account age is not always accurate based on the last
password
> change date.  I'd like to do a query against DNS and examine the
record
> timestamp as a secondary checkpoint prior to deleting the machine
account.
> 
> Any ideas?  :-)
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to