RE: [ActiveDir] DNS Record Timestamp

2003-10-30 Thread Marcus Oh 
Thanks for the feedback, Robbie.  Not precisely certain about the
situation.  I'd have to do more investigation on it.  Provided a
sufficiently long period of time, it would probably be okay.  I was
looking to trim at a 30 day time frame.  During some of the searches, I
did note some active machines that hadn't reset their machine account
passwords recently.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen
Sent: Wednesday, October 29, 2003 11:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Record Timestamp

There are a couple of ways you can get it.  If you are a command line
hacker, you could use this:
dnscmd . /enumrecords rallencorp.com foobar /detail | findstr
dwTimeStamp

If you are looking to do it via VBScript or Perl, then you'll want to
look
at the MicrosoftDNS_ResourceRecord WMI class.  It has a Timestamp
property:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns
/mic
rosoftdns_resourcerecord.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dn
s/mi
crosoftdns_resourcerecord.asp 

BTW, in what situation does password change date not work if you use a
sufficiently long expiration period?

Robbie Allen
http://www.rallenhome.com/ http://www.rallenhome.com/ 

  -Original Message-
 From: Marcus Oh [mailto:[EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] ] 
 Sent: Wednesday, October 29, 2003 8:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  [ActiveDir] DNS Record Timestamp
 
 Curious if anyone knows if the DNS record timestamp can be exposed by
 script?  I'm working on a script to delete old machine accounts.
Problem
 is, machine account age is not always accurate based on the last
password
 change date.  I'd like to do a query against DNS and examine the
record
 timestamp as a secondary checkpoint prior to deleting the machine
account.
 
 Any ideas?  :-)
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] DNS Record Timestamp

2003-10-29 Thread Robbie Allen 
There are a couple of ways you can get it.  If you are a command line
hacker, you could use this:
dnscmd . /enumrecords rallencorp.com foobar /detail | findstr
dwTimeStamp

If you are looking to do it via VBScript or Perl, then you'll want to look
at the MicrosoftDNS_ResourceRecord WMI class.  It has a Timestamp property:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/mic
rosoftdns_resourcerecord.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns/mi
crosoftdns_resourcerecord.asp 

BTW, in what situation does password change date not work if you use a
sufficiently long expiration period?

Robbie Allen
http://www.rallenhome.com/ http://www.rallenhome.com/ 

  -Original Message-
 From: Marcus Oh [mailto:[EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] ] 
 Sent: Wednesday, October 29, 2003 8:54 PM
 To:   [EMAIL PROTECTED]
 Subject:  [ActiveDir] DNS Record Timestamp
 
 Curious if anyone knows if the DNS record timestamp can be exposed by
 script?  I'm working on a script to delete old machine accounts.  Problem
 is, machine account age is not always accurate based on the last password
 change date.  I'd like to do a query against DNS and examine the record
 timestamp as a secondary checkpoint prior to deleting the machine account.
 
 Any ideas?  :-)
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/