Thanks for the feedback, Robbie. Not precisely certain about the
situation. I'd have to do more investigation on it. Provided a
sufficiently long period of time, it would probably be okay. I was
looking to trim at a 30 day time frame. During some of the searches, I
did note some active machines that hadn't reset their machine account
passwords recently.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen
Sent: Wednesday, October 29, 2003 11:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Record Timestamp
There are a couple of ways you can get it. If you are a command line
hacker, you could use this:
dnscmd . /enumrecords rallencorp.com foobar /detail | findstr
dwTimeStamp
If you are looking to do it via VBScript or Perl, then you'll want to
look
at the MicrosoftDNS_ResourceRecord WMI class. It has a Timestamp
property:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dns
/mic
rosoftdns_resourcerecord.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dns/dn
s/mi
crosoftdns_resourcerecord.asp
BTW, in what situation does password change date not work if you use a
sufficiently long expiration period?
Robbie Allen
http://www.rallenhome.com/ http://www.rallenhome.com/
-Original Message-
From: Marcus Oh [mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] ]
Sent: Wednesday, October 29, 2003 8:54 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Record Timestamp
Curious if anyone knows if the DNS record timestamp can be exposed by
script? I'm working on a script to delete old machine accounts.
Problem
is, machine account age is not always accurate based on the last
password
change date. I'd like to do a query against DNS and examine the
record
timestamp as a secondary checkpoint prior to deleting the machine
account.
Any ideas? :-)
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/