LDAP help needed


Clayton Sutton

We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following LDAP
query that will tell me all users that have NEVER logged in before. Can
someone show me how to modify the query to return all users that have not
logged in in the last 20 days?

(&(objectCategory=person)(objectClass=user)(|(lastLogon=0)(!(lastLogon=*))))


TIA,


Clayton
 
Laura Hunter says:

You'll want to query on lastLogonTimestamp, not lastLogon, since
lastLogon isn't replicated between domain controllers - otherwise
you'll need to query each DC individually. lastLogonTimestamp is a
replicated attribute that requires DFL2 in whatever domain you're
running the query for, but can be off by as much as 14 days - see
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx.

Basically you'll need to use the following query:

(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<=127204308000000000))

lastLogonTimestamp is stored in a long integer format; download
datetointeger8.zip from Dan Petri's site to produce the actual format
you want: http://www.petri.co.il/software/datetointeger8.zip.
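
Added example, not part of either post and not the datetointeger8 tool: a Python sketch that computes the long integer (Integer8) cutoff for "N days ago" and builds the saved-query filter from the reply above. The function names and the `include_never` option (which reuses the `!(attr=*)` test from the original question) are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Integer8 / FILETIME: count of 100-nanosecond intervals since 1601-01-01 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000


def to_integer8(moment):
    """Convert a timezone-aware datetime to the value AD stores."""
    if moment.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime to avoid local/UTC mix-ups")
    delta = moment - EPOCH_1601
    # Integer arithmetic only: floats lose precision at this magnitude.
    seconds = delta.days * 86400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10


def from_integer8(value):
    """Convert an Integer8 value back to a UTC datetime, e.g. to read results."""
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def stale_logon_filter(days, now=None, include_never=False):
    """Build the LDAP filter for users whose lastLogonTimestamp is older than `days`.

    lastLogonTimestamp can lag the real logon by up to 14 days (per the reply
    above), so treat matches near the cutoff as candidates, not confirmed.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = to_integer8(now - timedelta(days=days))
    stale = f"(lastLogonTimestamp<={cutoff})"
    if include_never:
        # Accounts that never logged on have no value to compare, so a
        # "<=" test alone skips them; add them with an absence test.
        stale = f"(|{stale}(!(lastLogonTimestamp=*)))"
    return f"(&(objectCategory=person)(objectClass=user){stale})"


if __name__ == "__main__":
    # Constructed reference time, chosen so the cutoff equals the value in the reply.
    ref = datetime(2004, 2, 25, 5, 0, tzinfo=timezone.utc)
    print(stale_logon_filter(20, now=ref))
    print(stale_logon_filter(20, now=ref, include_never=True))
    print(from_integer8(127204308000000000).isoformat())
```

Paste the printed filter into the saved query's custom search; rerun the script whenever the query is used, since the cutoff is a fixed point in time rather than a rolling window.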
 