Thanks for the feedback, Robbie. Not precisely certain about the situation. I'd have to do more investigation on it. Provided a sufficiently long period of time, it would probably be okay. I was looking to trim at a 30 day time frame. During some of the searches, I did note some active machines that hadn't reset their machine account passwords recently.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen Sent: Wednesday, October 29, 2003 11:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS Record Timestamp There are a couple of ways you can get it. If you are a command line hacker, you could use this: dnscmd . /enumrecords rallencorp.com foobar /detail | findstr dwTimeStamp If you are looking to do it via VBScript or Perl, then you'll want to look at the MicrosoftDNS_ResourceRecord WMI class. It has a Timestamp property: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns /mic rosoftdns_resourcerecord.asp <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dn s/mi crosoftdns_resourcerecord.asp> BTW, in what situation does password change date not work if you use a sufficiently long expiration period? Robbie Allen http://www.rallenhome.com/ <http://www.rallenhome.com/> > -----Original Message----- > From: Marcus Oh [mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] > Sent: Wednesday, October 29, 2003 8:54 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] DNS Record Timestamp > > Curious if anyone knows if the DNS record timestamp can be exposed by > script? I'm working on a script to delete old machine accounts. Problem > is, machine account age is not always accurate based on the last password > change date. I'd like to do a query against DNS and examine the record > timestamp as a secondary checkpoint prior to deleting the machine account. > > Any ideas? :-) List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/