Yes actually adfind can show you metadata... Look at the attributes msDS-ReplAttributeMetaData msDS-ReplValueMetaData I actually have a DCR for AdFind (submitted by me which means it for sure will get done) that will display that info in a better way than that XML format they use. When it does, it will also use the binary format of the attribute so it won't be so slow nor require as much network bandwidth. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar Sent: Monday, December 18, 2006 12:19 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automatic user disable based on criteria Hi All, DFL & FFL : Win2k-Native DCs : Win2k3-SP1 User accounts are automatically provisioned as enabled with "Change Password at Next logon". And management wants to disable new accounts which have not logged into domain within next 7 days of creation. And they want it to happen automatically. I have problem at hand as I can't use LastLogonTimeStamp as DFL is not supportive. I can't connect to each DC and search for lastlogon as number of DCs are too large, can't go by "whenchanged", as that is generic attribute, which could get changed for any other attribute also. Any other attribute would help me? Currently LDAP filter checks for account created on specific day (say current day - 7) and whose "Change Password at next logon" is still ticked i.e. pwdlastset=0 But this doesn't take care of scenario, where users are created on that same day (current - 7) and logged into network, changed their password, but around the time of running script, had forgotten password and helpdesk had resetted their password and set "Change Password at next logon" I hope I am not confusing you all. :-) I know, simple solution would be to change criteria to say 15 days, raise DFL and use LLTS, but I am taking this as a scripting challenge at Win2k-native DFL. Hey joe, is there a way to see replication meta data using adfind? ;-) If yes, I could take a peek at originating date/time for attributes. -- Kamlesh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You teach best what you most need to learn. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
