Additionally, if it were me and if you've not done so already, I'd disable all of those unused accounts while I was counting. (oldcmp does this as well, no?)
Many unused accounts + at least one or two that have probably never changed from some default (or blank) password = monstrous attack vector waiting to happen. (I'm big on the equations today for some reason.) - Laura > -----Original Message----- > From: Creamer, Mark [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 16, 2005 4:56 PM > To: [email protected] > Subject: RE: [ActiveDir] Determining active user accounts > > Thanks Laura, good suggestion. I forgot I could use oldcmp > for users as well. Great tool, Joe. > > Thanks > > <mc> > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Hunter, Laura E. > Sent: Thursday, June 16, 2005 3:56 PM > To: [email protected] > Subject: RE: [ActiveDir] Determining active user accounts > > Wouldn't the accounts that don't need server access show up > as inactive > if you ran them through joe's 'oldcmp'? If so, then couldn't > you get a > fair approximation from: > > CALs required = [Total user objects] - [user objects flagged > by oldcmp] > > ? > > [Insert standard "Call your reseller for definitive licensing advice" > disclaimer here.] > > - Laura > > > -----Original Message----- > > From: Creamer, Mark [mailto:[EMAIL PROTECTED] > > Sent: Thursday, June 16, 2005 3:40 PM > > To: [email protected] > > Subject: [ActiveDir] Determining active user accounts > > > > We need to get a count of users that are active, so we can > > make sure our purchasing of 2003 User CALs is as accurate as > > possible. However, every employee of the company has an > > account in Active Directory, but only a certain percentage of > > those users ever access a server or need to authenticate. > > What's the best way to determine how many users we need to > > have a User CAL for? > > > > Mark Creamer > > > > Systems Engineer > > > > Cintas Corporation > > > > > > This e-mail transmission contains information that is > > intended to be confidential and privileged. If you receive > > this e-mail and you are not a named addressee you are hereby > > notified that you are not authorized to read, print, retain, > > copy or disseminate this communication without the consent of > > the sender and that doing so is prohibited and may be > > unlawful. Please reply to the message immediately by > > informing the sender that the message was misdirected. After > > replying, please delete and otherwise erase it and any > > attachments from your computer system. Your assistance in > > correcting this error is appreciated. > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > This e-mail transmission contains information that is > intended to be confidential and privileged. If you receive > this e-mail and you are not a named addressee you are hereby > notified that you are not authorized to read, print, retain, > copy or disseminate this communication without the consent of > the sender and that doing so is prohibited and may be > unlawful. Please reply to the message immediately by > informing the sender that the message was misdirected. After > replying, please delete and otherwise erase it and any > attachments from your computer system. Your assistance in > correcting this error is appreciated. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
