FWIW we used to manage NT computer accounts with "an oldcmpNT" writen in PERL using Win32::AdminMisc;Win32::NetAdmin; and Win32::Lanman. There are numerous variants of such things floating around but this should get you started- http://www.roth.net/perl/scripts/scripts.asp?WSClean.pl
There's also a utility (netpwage[1]) and some vbscript wrappers around for it for managing SAM accounts based on age. http://www.optimumx.com/download/#NetPWAge [1]Displays the password age for all accounts in the specified domain, both users and machines. Very useful for cleaning out old, unused accounts from the NT SAM database. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 02, 2005 5:54 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] NT enumeration NT4 doesn't allow to query with a filter. You enumerate and filter yourself. The way you would have to do it with getuserinfo is to get a list of all computers in the domain (net view) and then ask for info on each one and parse out the password age. You may be able to do a query like thing with WMI but it is still enumerating so has none of the speed of a real query like you get with AD. You can look for other tools that can dump en masse or maybe do the enumeration for you. I do not currently have anything. I thought about making an oldcmpNT but it is a completely different program from oldcmp and I just never did it as I had other things I wanted to do more. Alternatively, you should be able to write an entire adsi script to do dump everything as well. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Tuesday, November 01, 2005 12:40 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] NT enumeration Thanks a lot. What I'm trying to do is get a listing of every active computer in an NT 4.0 domain. I guess i can't see anyway to make your tool(or any tool) filter based on that. I can only query 1 pc and get info for that. I guess WINS or a browse list is not accurate? Thanks again. cool tool On 11/1/05, joe <[EMAIL PROTECTED]> wrote: 1. You are welcome 2. You need to use NET * API. I have one tool that will get that info for computers in an NT4 domain and that is getuserinfo, it gets info for one single specified userid. You will specify a computer by the domain\machinename$. Don't forget the $ on the end. 3. Yeah, they should go every 30 days. joe ________________________________ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Tuesday, November 01, 2005 11:56 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] NT enumeration 1.Thanks 2. I know how to get pwdLastSet in AD. How do you get passwords ages in NT sams? 3. If i have win2k clients, they would be setting their passwords every 30 days even in a NT domain? Thanks again. On 11/1/05, joe <[EMAIL PROTECTED]> wrote: If you just care about real machines (i.e. no Wintendo machines - Win9x) then you enumerate the computer accounts in the domain and try to contact all of them and verify their password ages. NT machines should be changing passwords every 7 days unless that was overridden. ________________________________ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ] On Behalf Of Tom Kern Sent: Tuesday, November 01, 2005 11:10 AM To: activedirectory Subject: [ActiveDir] NT enumeration What is the most accurate way to enumerate "live" machines on an NT domain? Check WINS? Net View? What is the most accurate and reliable way to list all machines in an NT domain that are active? Thanks a lot List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
