RE: [ActiveDir] LDAP LastLogin for Computers
I'm getting the computer "lastlogin" attribute, which as I understand it is the most recent time that the workstation authenticated to a domain controller. I believe the oldest this timestamp would be is the last time the machine started up. Also, lastlogin is not a replicated attribute, so you have to check either all of the domain controllers or at a minimum all of the domain controllers in the workstation's site in order to get an accurate value.

I'll send you a copy of the script separately.

Hunter

From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 7:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] LDAP LastLogin for Computers

Hunter,

Are you actually querying the workstation, or just the user accounts?

If you're finding out when a computer was last logged onto, I would LOVE to have a copy of the script as well (so I can kick our desktop support guys in the bum to clean up *MY* AD) *grin*

Glenn
[EMAIL PROTECTED]

----- Original Message -----
From: Coleman, Hunter
To: '[EMAIL PROTECTED]'
Sent: Thursday, August 07, 2003 3:48 AM
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

I've sent you off-list a copy of a script we use to get this information. Hope it helps

Hunter

From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
RE: [ActiveDir] LDAP LastLogin for Computers
Well, "pwdLastChanged" or "LastLogin" or other variations are all for User objects. Oh well, thanks for all your advice, all!

Chris

-----Original Message-----
From: England, Christopher M
Sent: Wednesday, August 06, 2003 9:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
RE: [ActiveDir] LDAP LastLogin for Computers
Well, that wouldn't be the first time :-) At some point I suspect I'll *need* to query for a non-replicated attribute, so it's not a totally wasted effort. Your suggestion is a better fit in this case, though. Back to visual notepad

Cheers,
Hunter

From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 7:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

You're doing this the hard way. It's far easier to know that computers will change their password automatically after 30 days. Look for any computer account with a password age say greater than 90 days and then take action.

Keep in mind also that password age (in the form of the date the password was last set) is a replicated attribute within a domain, so you only need to query a single DC.

Roger
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 10:10 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

I'm getting the computer "lastlogin" attribute, which as I understand it is the most recent time that the workstation authenticated to a domain controller. I believe the oldest this timestamp would be is the last time the machine started up. Also, lastlogin is not a replicated attribute, so you have to check either all of the domain controllers or at a minimum all of the domain controllers in the workstation's site in order to get an accurate value.

I'll send you a copy of the script separately.

Hunter

From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 7:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] LDAP LastLogin for Computers

Hunter,

Are you actually querying the workstation, or just the user accounts?

If you're finding out when a computer was last logged onto, I would LOVE to have a copy of the script as well (so I can kick our desktop support guys in the bum to clean up *MY* AD) *grin*

Glenn
[EMAIL PROTECTED]

----- Original Message -----
From: Coleman, Hunter
To: '[EMAIL PROTECTED]'
Sent: Thursday, August 07, 2003 3:48 AM
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

I've sent you off-list a copy of a script we use to get this information. Hope it helps

Hunter

From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
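
Added example, not part of the thread and not any poster's script: a Python sketch of the two approaches discussed in the message above, assuming the values were already read over LDAP from the AD attributes `pwdLastSet` (replicated, so one DC's copy is enough) and `lastLogon` (not replicated, so every DC must be asked). The machine names, DC names and timestamps are constructed, and the 90-day threshold is the figure suggested in the thread.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """AD Integer8 timestamp (100 ns ticks since 1601-01-01 UTC) -> datetime, None if 0/unset."""
    ticks = int(value or 0)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10) if ticks > 0 else None

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample data."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def latest_logon(values_by_dc):
    """lastLogon is stored per DC: the usable value is the newest one found on any DC."""
    seen = [t for t in map(filetime_to_dt, values_by_dc.values()) if t]
    return max(seen) if seen else None

def report(computers, now, max_pwd_age_days=90):
    """Return {name: (status, password_age_days, newest_lastLogon)} per computer account."""
    out = {}
    for name, rec in computers.items():
        pwd_set = filetime_to_dt(rec["pwdLastSet"])
        if pwd_set is None:
            status, age = "never-set", None  # no timestamp recorded: review by hand
        else:
            age = (now - pwd_set).days
            status = "stale" if age > max_pwd_age_days else "active"
        out[name] = (status, age, latest_logon(rec["lastLogon"]))
    return out

NOW = datetime(2003, 8, 7, tzinfo=timezone.utc)  # fixed "today" so results are repeatable

def ago(days):
    """Constructed timestamp: NOW minus the given number of days, as an Integer8 value."""
    return dt_to_filetime(NOW - timedelta(days=days))

# Constructed sample: values as they might be read from two hypothetical DCs, dc1 and dc2.
SAMPLE = {
    "WS-ACTIVE$": {"pwdLastSet": ago(12), "lastLogon": {"dc1": ago(1), "dc2": 0}},
    "WS-STALE$": {"pwdLastSet": ago(200), "lastLogon": {"dc1": ago(230), "dc2": ago(201)}},
    "WS-UNSET$": {"pwdLastSet": 0, "lastLogon": {"dc1": 0, "dc2": 0}},
}

if __name__ == "__main__":
    for name, (status, age, logon) in report(SAMPLE, NOW).items():
        print(f"{name:12} {status:10} pwd_age_days={age} newest_lastLogon={logon}")
```

Reading only dc1 for WS-STALE$ would report a last logon 29 days older than the value dc2 holds, which is why the non-replicated attribute needs the per-DC merge while the password timestamp does not.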
RE: [ActiveDir] LDAP LastLogin for Computers
One way to go about it would be to turn up the auditing and query the event log on the machine for login success/failure events.

John A. Bjelke
Unisys
505.853.6774
[EMAIL PROTECTED]

"Many of life's failures are people who did not realize how close they were to success when they gave up." -Thomas Edison

-----Original Message-----
From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
[ActiveDir] LDAP LastLogin for Computers
Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. WhenModified is just the computer account object and LastLogin is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
RE: [ActiveDir] LDAP LastLogin for Computers
Machine account change frequency (default) NT is 7 days W2K is 30. That's how we have always managed machine accounts. Just had to tweak the interval in the PERL script when W2K showed up :-]

Over the threshold, whack the account

-----Original Message-----
From: Steve Rochford [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

If knowing when the machine was last switched on is enough then you can check the password age for the machine account - I think Windows 2000 changes it every 7 days; NT 4 is longer - so if you find a password age of greater than (say) 30 days you know the machine isn't being switched on.

If machines get left on then they'll change their passwords so that won't work. One possibility is to add something to the user login script which logs when a user logged onto the machine. A really crude way would be to scan the profile folders looking at the time stamp on ntuser.dat

Steve

-----Original Message-----
From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: 06 August 2003 15:22
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
Re: [ActiveDir] LDAP LastLogin for Computers
Hunter,

Are you actually querying the workstation, or just the user accounts?

If you're finding out when a computer was last logged onto, I would LOVE to have a copy of the script as well (so I can kick our desktop support guys in the bum to clean up *MY* AD) *grin*

Glenn
[EMAIL PROTECTED]

----- Original Message -----
From: Coleman, Hunter
To: '[EMAIL PROTECTED]'
Sent: Thursday, August 07, 2003 3:48 AM
Subject: RE: [ActiveDir] LDAP LastLogin for Computers

I've sent you off-list a copy of a script we use to get this information. Hope it helps

Hunter

From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University
RE: [ActiveDir] LDAP LastLogin for Computers
If knowing when the machine was last switched on is enough then you can check the password age for the machine account - I think Windows 2000 changes it every 7 days; NT 4 is longer - so if you find a password age of greater than (say) 30 days you know the machine isn't being switched on.

If machines get left on then they'll change their passwords so that won't work. One possibility is to add something to the user login script which logs when a user logged onto the machine. A really crude way would be to scan the profile folders looking at the time stamp on ntuser.dat

Steve

-----Original Message-----
From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: 06 August 2003 15:22
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP LastLogin for Computers

Greetings all,

I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. "WhenModified" is just the computer account object and "LastLogin" is just for user accounts. Am I out of luck?

What I have is this: 400 or so computer accounts in one OU (with many sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens if they have logged in in say the last few months. #2 if not.

Any suggestions would be great!

Thanks,
Chris

Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University