LDAP Question

  • Thread starter Thread starter Marty D
  • Start date Start date
M

Marty D

I am using a program here that connects to AD. I wanted to know if
anyone had a ldap script that would help me find users that have not
logged in over 90 days.

I know win 2003 has a scripter that you can use but i need to actually
see the script to import it into another program. that is the only one i
cant see. for deleted users it lets me see the script.

also the same thing for computers too.
 
Hey Marty,

In .net you would do something like this:

DateTime now = DateTime.Now;
DateTime nowMinus90Days = now.AddDays(-90);
long utcTime = nowMinus90Days.ToFileTimeUtc();

DirectoryEntry entry = new DirectoryEntry("LDAP://DC=...");
DirectorySearcher src = new DirectorySearcher(entry,
"(&(objectclass=user)(lastlogon<=" + utcTime.ToString() + "))");
src.SearchScope = SearchScope.Subtree;

SearchResultCollection results = src.FindAll();

foreach (SearchResult result in results)
{
string name = result.Properties["name"][0].ToString();
string path = result.Path;

Console.WriteLine(name);
}

This will give you all users and all computers that have not logged on in
the last 90 days since the computer class inherits the user class in the AD.
I guess you can easily translate this to script.

HTH, Jakob.
 
Back
Top