Cleaning up AD

  • Thread starter Thread starter Dr Zoidberg.
  • Start date Start date
D

Dr Zoidberg.

I remember seeing on here a few tools that can be used to identify when
user and computer accounts were last used so I know which ones can safely be
deleted from AD.

I've had a quick look through google but can't find the posts I'm after.

Any suggestions?

--
Alex

"I laugh in the face of danger"

"Then I hide until it goes away"

www.drzoidberg.co.uk
 
Quick answer:
You can run a batch against the accounts (dumped from
either Reskit ADDUSERS.exe or LDIF.exe) using NET USER,
and search on Last Logon. USRSTAT.exe will give you user
account status - however it will give you status from
every DC so you will get multiple entries per user.
Or just get a dump from LDIF and parse on the LDAP attrib.
lastLogon however the timestamp format is not real user-
readable.
 
Brian said:
Quick answer:
You can run a batch against the accounts (dumped from
either Reskit ADDUSERS.exe or LDIF.exe) using NET USER,
and search on Last Logon. USRSTAT.exe will give you user
account status - however it will give you status from
every DC so you will get multiple entries per user.
Or just get a dump from LDIF and parse on the LDAP attrib.
lastLogon however the timestamp format is not real user-
readable.
Click to expand...
I've got the ResKit installed on one of the domain controllers , but can't
find any trace of LDIF or ADDUSERS either on the server or in the
documentation.

USRSTAT seems to do the job for identifying old users quite nicely though.

--
Alex

"I laugh in the face of danger"

"Then I hide until it goes away"

www.drzoidberg.co.uk
 
Back
Top