Does
anyone know script to get last logon stamp for active directory user?
This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please
You can get this information using adfind:
adfind -b dc=domaname,dc=com -f ((Objectclass=user)(Objectcategory=person)(samaccountname=username))lastlogontimestamp -tdc
If you are looking for script, you can refer to following Script Center article:
Is this webcast open for selected individual only?It show me following error message when I click on the link:
Page Not FoundThe content that you requested cannot be found or you do not have permission to view it.
If you believe you have reached this page in error, click the Contact Us link at
Did you sign in via passport?
Chong Ai Chung wrote:
Is this webcast open for selected individual only? It show me
following error message when I click on the link:
Page Not Found
The content that you requested cannot be found or you do not have
permission to view it.
If you believe you
Ditto for me (page not found) and yes, I logged in via passport.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: 16 August 2006 08:58
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT:
I am trying to read
the machine password from exchange server (Windows 2003 R2 Standard + SP1,
Exchange 2003 +SP2). I have tried some other tools also (like lsadump) but they
all are failing to read it.
We are working on
Exchange DR solution- so we need to import the machine password from
Works for me, but I am on the Longhorn beta program, is everyone else?
Mrk
-Original Message-
From: [EMAIL PROTECTED]
Date: Wed, 16 Aug 2006 09:24:50
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Longhorn Server Manager
Ditto for me (page not found) and yes, I logged in
Collegues,
Thank you all for your responses. They
were very helpfull. I managed to restore the system.
Thank you,
Lucia Washaya
CITS UNIOSIL
Tel.: 022-295-526 xtn. 5497
Int'l Tel.: Via Italy + (39) 083123-5497
Via USA +1(212) 963-9588 (after audio response dial 174-5497)
That about settles it. I didn't realize schemaIDGuid existed and I was
looking at the wrong attribute. Thanks for the help.
-Brandon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Tuesday, August 15, 2006 6:05 PM
To:
Now I understand your appliance architecture and how you
deal with the encryption issues.
This doesn't seem like a smart way to do it, to
me.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Manjeet
SinghSent: Wednesday, August 16, 2006 4:26 AMTo:
You may want to test this in your environment, but from an
efficiency standpoint, with this query you may want to trim it all the way down
to sAMAccountName=username
This is an odd one because objectcategory and
samaccountname are both indexed so the QP has to decide which index to use
You can get the info in bulk with oldcmp and the /users
switch. Something like
oldcmp -report -users -age 0-sh
would give you an htmlreport that includes the
lastLogonTimeStamp as well as the age of that value (lltsage)of all users
for the default domain.
If you want it in CSV and just
Event Source: AutoEnrollment
EventID: 15
Does anyone have a better definition of what this is? Half of my
machines cannot find the domain this morning. Lots of eventid 15 showed
up. I went into GPO and disabled autorollment in both computer and user
settings. BAM! Everyone can log on again.
Maybe the CRL (Certificate Revocation List) location is not available?
Mike Thommes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Za Vue
Sent: Wednesday, August 16, 2006 8:17 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] User AutoEnrollment
Sorry 'bout that... yup forgot it was beta testers only.
Mark Parris wrote:
Works for me, but I am on the Longhorn beta program, is everyone else?
Mrk
-Original Message-
From: [EMAIL PROTECTED]
Date: Wed, 16 Aug 2006 09:24:50
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Hey all,
I have used pskill.exe, procexp.exe, to try to get a the antivirus
service on my dc to stop so I can restart it, but it is hung in the
stopping state. Does anybody know a good way that I can kill this
process and start it again without causing a stack failure in the
kernel? (already
Ditto here!
Alex
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chong Ai Chung
Sent: Wednesday, August 16, 2006
3:44 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT:
Longhorn Server Manager
Is this
webcast open for selected individual
I have to agree with Michael. Why would you want to do that? I mean, the machine password changes frequently and you *could* just re-add/reset the machine password if you needed to. IIRC, this is covered in the Exchange DR whitepaper as well. You may want to have a look.
As to why it no longer
It strikes me that y'all are trying to cobble together a bicycle. Why
not use a car?
AD Toolkit from Javelina Software has last logon as one of many
pre-configured reports.
You run it against and OU or entire domain and it returns last logon
info as well as which DC handled it.
Saving a
I do not have a solution for your issues. I am just curious. Why do you NEED the password? Why is it important for you to set the same password on your DR box?
So, the real exchange server dies, you bring in your DR box and have it impersonate the real one? Is this why? Is this to eliminate
Oh yeah? Bicycle and car, eh?
I see it more as driving to the grocery store down the street for a gallon of milkin your SUV while the trusty VM is in the garage.
1-2 admin at a thousand US greenbacks a pop? And all you are looking for is last logon? Thanks, but no thanks.
Sincerely, _
One reason for using the bicycle instead of the car is that the bike is
free whereas the car costs (a lot!) of money.
There's also the benefit that you learn more about how it all works;
then when you want a report which isn't included in the toolkit you have
you can just run it up yourself
If kill.exe pskill.exe don't work, I don't know what will. Is it a
single-DC environment? If not, force a replication and bounce it --
shouldn't be a problem.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta,
Nathaniel V CTR USAF NASIC/SCNA
Sent:
Fair enough! I didn't realize it costs so much these days.
We got in early and also got an EDU discount to boot.
It costs me only $250 a year and saves a lot of time by avoiding
debugging some script.
My objective is to administer the AD, not write code. I'm new to this
list and perhaps
Granted, if the other options didn't work then doubtful this will... but
another option in W2k3 or from an XP workstation
Taskkill.exe /s systemname /f /im processname
(/f to force the process termination)
You can use Tasklist.exe to get the process name
William
-Original Message-
Okay so if a vendor makes a claim short of standing up a forest how DO
you confirm this?
Original Message
Subject: [Acronis #671610] Follow up on a email that I sent with no
answer
Date: Wed, 16 Aug 2006 08:18:54 +0400
From: Acronis Customer
* setup at least 2 DCs (DC1 and DC2)
* backup DC1 using the product
* create objects (users, groups, etc) on DC1 and DC2 and let it replicate
* create a few GPOs on DC1
* On DC1 execute:
DCDIAG /TEST:RIDMANAGER DCDIAG_BEFORE.TXT
REPADMIN /SHOWREPL DC1 REPADMIN1_BEFORE.TXT
There is no other way. You have to stand up one or use an existing throwaway forest.
Sincerely, _ (, / | /) /) /) /---| (/_ __ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize
More important going for script is flexibility. You can play around like
anything than relaying on readymade applications.
I am looking for script because in our AD, almost 4000 ID's do not have
owner information. We just want to find out last logon stamp and get rid
of them.
Many thanks all,
I never had trouble reporting and acting on somewhere between 100K and
200K objects in various states with oldcmp ... never needed a script.
Usually what I do is export CSVs from tools like that and then I import
them into a SQL database and merge it all together and find out what I
need and then
We need to sync the
machine password for authentication purpose because the DR machine is not a
part of production AD domain. We have to sync the password so that Kerberos
authentication work properly (Kerberos is not working when the password do not
match). So whenever there is a password
31 matches
Mail list logo
