RE: [ActiveDir] list lastlogontime for every user script

[joe]

n/p     -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm      From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 30, 2006 5:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script Thanks for the insight.  BTW, DHTML won’t be missed… J   :m:dsm:cci:mvp | marcusoh.blogspot.com   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, October 28, 2006 12:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script   Every time an auth occurs that updates the lastLogon (not logonTime like I miswrote last time)  attribute a calculation is done based on the update frequency value. This frequency can be modified by updating the msDS-LogonTimeSyncInterval attribute on the domain NC head (for AD). If the update frequency is greater than the swing value (5 days) then the update frequency value is modified by subtracting a random number in the range of 0-5. That resulting value (by default 9-14 days) is then compared to the length of time it has been since the last update. If the time has exceeded that value, the stamp is updated. The minimum frequency value for AD is 1 day, the max is in the hundreds of years so not something you will likely notice a problem with. ADAM allows you to specify 0 through the ADAMLastLogonTimestampWindow entry of the msDS-Other-Settings attribute of the nTDSService object for the instance which means update the attribute for every logon. This isn't an issue with ADAM as it is with AD since with AD your machine can be doing auths on your behalf all through the day and causing a lot of replication. ADAM auth is all very directed and specific.       joe      -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 9:44 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script by the short description in msdn, if sounds as if there’s a comparison done when the user logs on.  If it’s been at least a week since the value was updated, it’s subject to being updated again?  At that point, the random calculation?   :m:dsm:cci:mvp | marcusoh.blogspot.com   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, October 27, 2006 12:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script   It isn't, it is randomly calculated every time logonTime is updated.   -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, October 26, 2006 9:49 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script How is this 9-14 day value tracked for each user object, by the way?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, October 26, 2006 5:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] list lastlogontime for every user script   oldcmp   Keep in mind that by default, lastLogonTimeStamp is not updated every day, it will be updated about every 9-14 days (14 days with a random swing of minus 0-5 days).   You can output to csv or html, whatever is more convenient for you.   Alternately if you just want to query the value directly, you can use adfind to generate the output.   However, oldcmp tends to be easier for most folks.     joe   -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan Sent: Thursday, October 26, 2006 4:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] list lastlogontime for every user script Hi,   I am trying to do an script or something that will list lastlogontime for all users so I can receive an email when someone has not use the account for more than 30 days.   I have seen a couple of examples of half built scripts that don't work, I get lost when they start dealing with the converting the number to a date...   Does anyone has a script will do some similar? does Joe ware has something similar?   Thanks   Ramon