NT4 doesn't allow to query with a filter. You
enumerate and filter yourself. The way you would have to do it with getuserinfo
is to get a list of all computers in the domain (net view) and then ask for info
on each one and parse out the password age. You may be able to do a query like
thing with WMI but it is still enumerating so has none of the speed of a real
query like you get with AD.
You can look for other tools that can dump en masse or
maybe do the enumeration for you. I do not currently have anything. I thought
about making an oldcmpNT but it is a completely different program from oldcmp
and I just never did it as I had other things I wanted to do
more.
Alternatively, you should be able to write an entire adsi
script to do dump everything as well.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, November 01, 2005 12:40 PM
To: [email protected]
Subject: Re: [ActiveDir] NT enumeration
Thanks a lot.
What I'm trying to do is get a listing of every active computer in an NT
4.0 domain.
I guess i can't see anyway to make your tool(or any tool) filter based on
that.
I can only query 1 pc and get info for that.
I guess WINS or a browse list is not accurate?
Thanks again.
cool tool
On 11/1/05, joe
<[EMAIL PROTECTED]>
wrote:
1. You are welcome2. You need to use NET * API. I have one tool that will get that info for computers in an NT4 domain and that is getuserinfo, it gets info for one single specified userid. You will specify a computer by the domain\machinename$. Don't forget the $ on the end.3. Yeah, they should go every 30 days.joe
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, November 01, 2005 11:56 AM
To: [email protected]
Subject: Re: [ActiveDir] NT enumeration
1.Thanks2. I know how to get pwdLastSet in AD. How do you get passwords ages in NT sams?3. If i have win2k clients, they would be setting their passwords every 30 days even in a NT domain?Thanks again.
On 11/1/05, joe <[EMAIL PROTECTED]> wrote:If you just care about real machines (i.e. no Wintendo machines - Win9x) then you enumerate the computer accounts in the domain and try to contact all of them and verify their password ages. NT machines should be changing passwords every 7 days unless that was overridden.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, November 01, 2005 11:10 AM
To: activedirectory
Subject: [ActiveDir] NT enumeration
What is the most accurate way to enumerate "live" machines on an NT domain?Check WINS?Net View?What is the most accurate and reliable way to list all machines in an NT domain that are active?Thanks a lot
