Hey joe,
 
I used your perl script with ADFIND and it worked fantastic!
 
Thanks for creating such brilliant tools.
 
Amy

joe <[EMAIL PROTECTED]> wrote:
Hi Amy,
 
AdFind won't read a list of users from your spreadsheet. It accepts a given query and then outputs the results from it. The query you have below says return all objects which have an objectclass of user, which matches users, computers, and trusts. If you want info for a specific user, specify something unique that AdFind can zero in on for the user OR specify the DN of the user object for the -b switch (base DN). So for instance, say you had the samaccountname attribute for each user, your filter would be "samaccountname=xxx" where xxx would be the samAccountName of whichever user you were looking up.
 
To do multiple users out of a file, you would need to use some sort of script to loop through the file. Preferably, you generated that list based on some attribute in AD (say like employeetype or something) and then you just use that for the query.
 
As for the values that got output... You probably want the -tdcs switch which will convert the int8 (64 bit integer) values into human readable times.
 
Oh, lastLogon is not replicated, it is only good on the DC that you are querying. LastLogonTimestamp is replicated but isn't updated for every authentication.
 
If you want the info in CSV format, which is likely when you have many objects you want info for, add -csv to the adfind switches.
 
So if you had a list of samaccountnames in a text file called user.txt and you wanted that info, a basic perl script to get it would be something like...
 
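# perl script start
 
use strict;
use warnings;

my $base="-b dc=hantspol,dc=gov,dc=uk"; # use -default if you have a single domain
my $attrlist="lastLogonTimeStamp"; # space delimited list of attributes for output
my $cnt=0;
foreach my $this (<>) # one samAccountName per line, read from the file named on the command line
 {
  chomp $this;
  next if $this eq ""; # skip blank lines
  # skip names that would break the quoting or be read as LDAP filter syntax
  if ($this =~ /["*()\\]/) { warn "skipping '$this'\n"; next; }
  my $filter="\"samaccountname=$this\"";
  my $cmd="adfind $base -f $filter $attrlist -tdcs -csv \"\"";
  if ($cnt) {$cmd.=" -nocsvheader"}; # print the CSV header for the first user only
  print`$cmd`;
  $cnt++;
 }
 
# perl script end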
 
The run of that would look something like
 
G:\Temp>test.pl user.txt
"dn","lastLogonTimeStamp"
"CN=joe,OU=Users,OU=My,DC=test,DC=loc",""
"CN=$joe,OU=Users,OU=My,DC=test,DC=loc","2006/06/11-08:20:27 Eastern Standard Time"
"CN=Administrator,CN=Users,DC=test,DC=loc","2006/06/11-10:33:25 Eastern Standard Time"
 
This could easily be changed into something that takes params or what not... It is just something to get you going... I wrap AdFind into perl scripts very regularly.
 
Perl can actually read an excel file and output to an excel file but it isn't something I am aware of how to do right off the top of my head.
 
  joe
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amy Hunter
Sent: Wednesday, November 08, 2006 8:22 AM
To: [email protected]
Subject: [ActiveDir] Exporting LastLogon attribute

 
Hey all!
 
I have a spreadsheet of temp users who I would like to find out when they last logged onto the domain. Domain is W2kR2
 
I've read about using ADFIND to query AD, I typed the following command
 
adfind -b dc=hantspol,dc=gov,dc=uk -f "objectclass=user" user lastlogon lastlogontimestamp
 
The problem I found was that it gave me every user's information + I didn't understand the format that the attribute returned.
 
Is there any kind soul who could help me? Or show me a tool which can help me...
>lastLogon: 128067753345482744
>lastLogonTimestamp: 128066652382719329
 
What do they mean?
 
thanks
 
Amy Hunter
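
Added example, not code from the thread or from the AdFind author: the Python below decodes raw int8 values like the two quoted in the question and labels accounts by logon age, allowing for the fact that lastLogonTimestamp is not updated on every authentication. The 14-day lag (the default sync interval), the 30-day threshold, the function names and the sample DNs are assumptions made for this illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumption: the domain keeps the default 14-day sync interval, so the
# replicated lastLogonTimestamp can trail the real last logon by that much.
SYNC_LAG = timedelta(days=14)

def filetime_to_utc(raw):
    """Decode an AD int8 time (100 ns ticks since 1601-01-01 UTC); None if empty or 0."""
    raw = str(raw or "").strip()
    value = int(raw) if raw else 0
    if value <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def classify(last_logon_timestamp, now, threshold_days=30, per_dc_last_logon=()):
    """Label an account from the newest of the replicated and per-DC values."""
    seen = [filetime_to_utc(v) for v in (last_logon_timestamp, *per_dc_last_logon)]
    seen = [t for t in seen if t is not None]
    if not seen:
        return "never"
    age = now - max(seen)
    if age <= timedelta(days=threshold_days):
        return "active"
    if age > timedelta(days=threshold_days) + SYNC_LAG:
        return "stale"
    # Inside the lag window the replicated value cannot decide;
    # lastLogon has to be read from every DC.
    return "check-all-DCs"

def report(csv_text, now, threshold_days=30):
    """Map dn -> label for CSV output that carries raw int8 values (no time decoding)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["dn"]: classify(r["lastLogonTimestamp"], now, threshold_days) for r in rows}

# Constructed sample: the DNs are made up; the int8 value is the one quoted in the thread.
SAMPLE = '''"dn","lastLogonTimestamp"
"CN=temp1,OU=Users,DC=example,DC=test","128066652382719329"
"CN=temp2,OU=Users,DC=example,DC=test",""
'''

if __name__ == "__main__":
    print(filetime_to_utc("128067753345482744"))
    now = datetime(2006, 12, 20, tzinfo=timezone.utc)
    for dn, label in report(SAMPLE, now).items():
        print(label, dn)
```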
 
