Login  | |
|
 |
RE: lastLogonTimestamp - 7/20/2005 7:33:22 AM
|
|
 |
|
| |
ebgreen
Posts: 4613
Score: 31
Joined: 7/12/2005
Status: offline
|
What is the problem?
|
|
| |
|
|
|
|
RE: lastLogonTimestamp - 7/20/2005 7:46:21 AM
|
|
|
|
| |
ebgreen
Posts: 4613
Score: 31
Joined: 7/12/2005
Status: offline
|
Well, assuming that obj.objObject.Name is a typo in your reply and that the code in your OP is accurate, then what happens if you put:
On Error Resume Next
On the line immediately abovr the line that is erroring and put:
On Error Goto 0
On the line immediately after the line that is erroring.
|
|
| |
|
|
|
|
RE: lastLogonTimestamp - 7/20/2005 8:17:23 AM
|
|
|
|
| |
ebgreen
Posts: 4613
Score: 31
Joined: 7/12/2005
Status: offline
|
On Error Resume Next gave you a syntaxt error? Could you post the lines of code that you used?
|
|
| |
|
|
|
|
RE: lastLogonTimestamp - 7/20/2005 8:17:27 AM
|
|
|
|
| |
Xandros
Posts: 100
Score: 0
Joined: 6/23/2005
From:
Status: offline
|
Bkhsms, you might want to try this script as an alternate base from which to start. Unless you are running Active Directory 2003 your script will fail (it might anyway due to the very last "wscript.echo" statement... try echoing the "intLLTS" variable instead). The propertyname "lastlogonTimeStamp" is new in 2003. The almost-equivalent in earlier releases of AD is "lastlogon" (which also still exists in 2003). However, there are two other potential gotcha's... If you have multiple domain controllers in your forest only 2003 replicates the value of "lastlogonTimeStamp" to each DC ("lastlogon" is not replicated... go figure). Also, the replication is only guaranteed to occur at least every 14 days. Both of these "features" means that you might not obtain the most accurate info.
The only safe work-around in a multi-DC environment is to query each of the DC's and use the most recent value regardless of which AD version you have.
Here is a working script (I've coded for 2003 and earlier but only tested it in my single-DC Win 2000 AD environment).
Option Explicit
Const ADS_SCOPE_SUBTREE = 2
Dim objRootDSE
Dim objConnection, objCommand, objRecordSet
Dim UserDN, objUser, strDNSDomain, strQuery
Dim objLogon, strWeeks, strDays, intLogonTime
Dim intLLTS, intReqCompare, ADVersion
'ADVersion = "2003"
ADVersion = "2000"
' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use ADO to search Active Directory for all Users.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
strQuery = "SELECT distinguishedName FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory = 'User'"
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
UserDN = objRecordSet.Fields("distinguishedName").Value
Set objUser = GetObject("LDAP://" & UserDN)
' Begin calculation
If ADVersion = "2003" Then
set objLogon = objUser.Get("lastLogonTimeStamp")
Else
set objLogon = objUser.Get("lastLogon")
End If
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
intLLTS = intLogonTime + #1/1/1601#
strDays = strWeeks * 7
intReqCompare = Now - strDays
If intLLTS < intReqCompare Then
wscript.echo Mid(objUser.Name,4) & " last logged on at " & intLLTS
End If
objRecordSet.MoveNext
Loop
|
|
| |
|
|
|
|
RE: lastLogonTimestamp - 7/25/2005 6:57:49 AM
|
|
|
|
| |
bkhsms
Posts: 7
Score: 0
Joined: 7/8/2005
Status: offline
|
This is the script as it is progressing thus far. With all of your help we've gotten this to the point where it outputs the results based on querying AD 2003 on the lastLogonTimeStamp attribute. The script fails if it runs across a user object that does not have this value set. I've countered this by just entering an "on error resume next". The problem is that my results are getting multiple hits for one user and at the same time one hit (as it should be) for others. I've bastardized some other scripts here to come up with the end result. Could someone do a sanity check for me and point out what could be returning multiple hits for one user object? Thanks:
Const ADS_SCOPE_SUBTREE = 1
Const ForWriting = 2
Const ForAppending = 8
Dim objRootDSE
Dim objConnection, objCommand, objRecordSet
Dim UserDN, objUser, strDNSDomain, strQuery
Dim objLogon, strWeeks, strDays, intLogonTime
Dim intLLTS, intReqCompare, ADVersion
Dim oXLS : Set oXLS = WScript.CreateObject("Excel.Application")
'Configure Excel while leaving the spreadsheet hidden
oXLS.WorkBooks.Add
oXLS.Columns(1).ColumnWidth = 20
oXLS.Columns(2).ColumnWidth = 10
oXLS.Columns(3).ColumnWidth = 20
'Set column headers
oXLS.Cells(1, 1).Value = "User Name"
oXLS.Cells(1, 2).Value = "User ID"
oXLS.Cells(1, 3).Value = "Last Logon Date"
'Format text (bold)
oXLS.Range("A1:C1").Select
oXLS.Selection.Font.Bold = True
oXLS.Selection.Interior.ColorIndex = 1
oXLS.Selection.Interior.Pattern = 1 'xlSolid
oXLS.Selection.Font.ColorIndex = 2
'Left Align text
oXLS.Columns("B:B").Select
oXLS.Selection.HorizontalAlignment = &hFFFFEFDD ' xlLeft
ADVersion = "2003"
'ADVersion = "2000"
' Determine DNS domain name from RootDSE object.
'Set objRootDSE = GetObject("LDAP://RootDSE")
'strDNSDomain = objRootDSE.Get("defaultNamingContext")
Input1 = InputBox("Enter the root DSE to query","Last Logon Timestamp")
If Input1 = "" Then
MsgBox "You must enter a valid DSE", 64, "Alert"
End if
strDNSDomain = Input1
'Number of weeks to check
Input2 = InputBox("Enter the number of weeks to check","Last Logon Timestamp")
If Input2 = "" Then
MsgBox "You must enter a valid integer", 64, "Alert"
End If
strWeeks = Input2
' Use ADO to search Active Directory for all Users.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
strQuery = "SELECT distinguishedName FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory = 'User'"
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute
intIndex = 2
i = 0
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
UserDN = objRecordSet.Fields("distinguishedName").Value
Set objUser = GetObject("LDAP://" & UserDN)
'Begin calculation
If ADVersion = "2003" Then
'On error Resume Nex
set objLogon = objUser.Get("lastLogonTimeStamp") <--ERROR if LLTS attrib not set
Else
set objLogon = objUser.Get("lastLogon")
End If
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
intLLTS = intLogonTime + #1/1/1601#
strDays = strWeeks * 7
intReqCompare = Now - strDays
If intLLTS < intReqCompare Then
strUser = Mid(objUser.Name,4)
strSamAcct = objUser.samAccountName
strDate = IntLLTs
End If
call Show(strUser, strSAMAcct, strDate)
i = i + 1
objRecordSet.MoveNext
Loop
'Make the spreadsheet visable
oXLS.Visible = TRUE
Sub Show(strUser, strSAMAcct, strDate)
oXLS.Cells(intIndex, 1).Value = strUser
oXLS.Cells(intIndex, 2).Value = strSAMAcct
oXLS.Cells(intIndex, 3).Value = strDate
intIndex = intIndex + 1
oXLS.Cells(intIndex, 1).Select
End Sub
|
|
| |
|
|
|
|
|
Printable Version
lastLogonTimestamp - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread