LDAP & LastLogin for Computers

Thanks Hunter.

Here is some code to determine all DCs in the AD domain (so you don't need
to hardcode the DC server list).  It doesn't take into account the relative
site topology. This routine basically returns a collection of DCs, with the
server name, and FQDN of the server. Can be simplified to only return the
name or FQDN, which means the return collection can be just strings, not a
collection of classes (easier to handle in script), or just tap into the
While..Not loop and do your processing.

Glenn

(Sorry to the scripties, it's in VB.NET - and the formatting, damn OLE doesn't
paste code very well)

Public Class ServerColl
    Public ServerName As String
    Public LDAPPath As String
End Class

Public Function GetDomainDCs() As Collection
    'General Description:
    'This function returns a Collection of ServerColl objects for all
    ' domain controllers in the current domain
    '
    'Input Values:
    ' None
    '
    'Output Values:
    ' Collection of ServerColl objects
    '
    'Note: the ADSI/ADO objects are late bound, so this needs Option Strict Off
    Dim RetCol As New Collection()
    Dim oRootDSE As Object
    Dim strConfigNC As String
    Dim strQuery As String
    Dim oConnection As Object
    Dim oCmd As Object
    Dim oRecordSet As Object
    Dim oParent As Object
    Dim ServerRec As ServerColl
    ' Get the Configuration Naming Context
    oRootDSE = GetObject("LDAP://RootDSE")
    strConfigNC = oRootDSE.Get("configurationNamingContext")
    ' Set up the oConnection
    oConnection = CreateObject("ADODB.Connection")
    oConnection.Provider = "ADsDSOObject"
    oConnection.Open("ADs Provider")
    ' Build the query to find all DC Records
    strQuery = "<LDAP://" & strConfigNC & _
        ">;(objectClass=nTDSDSA);ADsPath;subtree"
    oCmd = CreateObject("ADODB.Command")
    oCmd.ActiveConnection = oConnection
    oCmd.CommandText = strQuery
    oRecordSet = oCmd.Execute
    ' Iterate through the results
    If oRecordSet.EOF And oRecordSet.BOF Then
        'Errrr....couldn't find any DCs, perform some sort of freak-out routine
    Else
        While Not oRecordSet.EOF
            ServerRec = New ServerColl()
            ' The nTDSDSA object's parent is the server object for the DC
            oParent = GetObject(GetObject(oRecordSet.Fields("ADsPath").Value).Parent)
            ' Output the name of the server
            ServerRec.ServerName = oParent.cn
            ServerRec.LDAPPath = oParent.ADsPath
            RetCol.Add(ServerRec)
            oRecordSet.MoveNext()
        End While
    End If
    ' Release the recordset and the connection
    oRecordSet.Close()
    oConnection.Close()
    oRootDSE = Nothing
    GetDomainDCs = RetCol
End Function

----- Original Message -----
From: Coleman, Hunter
To: '[EMAIL PROTECTED]'
Sent: Thursday, August 07, 2003 12:09 PM
Subject: RE: [ActiveDir] LDAP & LastLogin for Computers


I'm getting the computer "lastlogin" attribute, which as I understand it is
the most recent time that the workstation authenticated to a domain
controller. I believe the oldest this timestamp would be is the last time
the machine started up. Also, lastlogin is not a replicated attribute, so
you have to check either all of the domain controllers or at a minimum all
of the domain controllers in the workstation's site in order to get an
accurate value. I'll send you a copy of the script separately.

Hunter
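
The merge step described above (lastlogin is not replicated, so the answer is the newest value held by any DC), as an added example that is not part of the original thread or of Hunter's script. It assumes each DC's value arrives as a raw Windows FILETIME integer with 0 meaning "never"; the machine and DC names, the 90-day cutoff standing in for "the last few months", and the "recheck" outcome for a DC that could not be queried are all assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)

def filetime_to_dt(ft):
    """FILETIME = 100-ns ticks since 1601-01-01 UTC; 0 means never logged on."""
    return None if not ft else FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Inverse of filetime_to_dt, used here only to build the sample data."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def classify(per_dc, now, max_age_days=90):
    """per_dc maps DC name -> raw value read from that DC, or None when the
    DC could not be queried. Returns (decision, newest logon or None)."""
    answered = [v for v in per_dc.values() if v is not None]
    newest = filetime_to_dt(max(answered, default=0))
    if newest is not None and now - newest <= timedelta(days=max_age_days):
        return "move", newest      # one recent value on any DC is enough
    if len(answered) < len(per_dc):
        return "recheck", newest   # the silent DC may hold a newer value
    return "delete", newest        # every DC answered and none is recent

def report(accounts, now):
    return {name: classify(values, now)[0] for name, values in accounts.items()}

# Constructed sample data: three computer accounts as seen from three DCs.
NOW = datetime(2003, 8, 7, tzinfo=UTC)
_ft = lambda y, m, d: dt_to_filetime(datetime(y, m, d, tzinfo=UTC))
SAMPLE = {
    "WS-ACTIVE":  {"DC1": 0, "DC2": _ft(2003, 7, 30), "DC3": _ft(2003, 3, 1)},
    "WS-STALE":   {"DC1": _ft(2002, 11, 15), "DC2": 0, "DC3": _ft(2002, 9, 1)},
    "WS-UNKNOWN": {"DC1": _ft(2002, 11, 15), "DC2": None, "DC3": 0},
}

if __name__ == "__main__":
    for name, values in SAMPLE.items():
        decision, newest = classify(values, NOW)
        print(f"{name:11} {decision:8} newest={newest}")
```

Treating an unanswered DC as "recheck" rather than "delete" keeps a workstation that only ever authenticates against that DC from being removed on incomplete data.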




From: Glenn Corbett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 7:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] LDAP & LastLogin for Computers


Hunter,

Are you actually querying the workstation, or just the user accounts? If
you're finding out when a computer was last logged onto, I would LOVE to have
a copy of the script as well (so I can kick our desktop support guys in the
bum to clean up *MY* AD) *grin*

Glenn
[EMAIL PROTECTED]


----- Original Message -----
From: Coleman, Hunter
To: '[EMAIL PROTECTED]'
Sent: Thursday, August 07, 2003 3:48 AM
Subject: RE: [ActiveDir] LDAP & LastLogin for Computers


I've sent you off-list a copy of a script we use to get this information.
Hope it helps

Hunter




From: England, Christopher M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LDAP & LastLogin for Computers


Greetings all,
I am trying to pull LDAP queries on computer accounts and I want to find out
the last time someone logged into the machine. "WhenModified" is just the
computer account object and "LastLogin" is just for user accounts. Am I out
of luck?
What I have is this: 400 or so computer accounts in one OU (with many
sub-OUs) probably need to be 1) moved to a new OU or 2) deleted. #1 happens
if they have logged in in say the last few months. #2 if not.
Any suggestions would be great!
Thanks,
Chris
---------------------------------------------------------
Christopher England
Server Administrator
MCSA, Server+, Network+, A+
College Information Technology Office
Indiana University

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
