| Author |
Message |
Clayton Sutton
Guest
|
 Posted:
Thu Dec 15, 2005 12:08 am Post subject:
LDAP help needed |
|
|
We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following LDAP
query that will tell me all users that have NEVER logged in before. Can
someone show me how to modify the query to return all users that have not
logged in in the last 20 days?
(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*)))
TIA,
Clayton
|
|
| Back to top |
|
 |
Mark Arnold [MVP]
Guest
|
| Posted:
Thu Dec 15, 2005 1:00 am Post subject:
Re: LDAP help needed |
|
|
Laura Hunter says:
You'll want to query on lastLogonTimestamp, not lastLogon, since
lastLogon isn't replicated between domain controllers - otherwise
you'll need to query each DC individually. lastLogonTimestamp is a
replicated attribute that requires DFL2 in whatever domain you're
running the query for, but can be off by as much as 14 days - see
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx.
Basically you'll need to use the following query:
(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<=127204308000000000))
lastLogonTimestamp is stored in a long integer format, download
datetointeger8.zip from Dan Petri's site to produce the actual format
you want: http://www.petri.co.il/software/datetointeger8.zip. |
|
| Back to top |
|
|
Clayton Sutton
Guest
|
| Posted:
Thu Dec 15, 2005 1:38 am Post subject:
Re: LDAP help needed |
|
|
Mark (or Laura) :)
What is DFL2?
Clayton
"Mark Arnold [MVP]" <mark@mvps.org> wrote in message
news:vsq0q1td67orvuqd0gvcarv778ktipk82n@4ax.com...
| Quote: | Laura Hunter says:
You'll want to query on lastLogonTimestamp, not lastLogon, since
lastLogon isn't replicated between domain controllers - otherwise
you'll need to query each DC individually. lastLogonTimestamp is a
replicated attribute that requires DFL2 in whatever domain you're
running the query for, but can be off by as much as 14 days - see
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx.
Basically you'll need to use the following query:
(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<=127204308000000000))
lastLogonTimestamp is stored in a long integer format, download
datetointeger8.zip from Dan Petri's site to produce the actual format
you want: http://www.petri.co.il/software/datetointeger8.zip.
|
|
|
| Back to top |
|
|
Mark Arnold [MVP]
Guest
|
| Posted:
Thu Dec 15, 2005 1:55 am Post subject:
Re: LDAP help needed |
|
|
On Wed, 14 Dec 2005 13:38:16 -0600, "Clayton Sutton" <none@none.com>
wrote:
| Quote: | Mark (or Laura) :)
What is DFL2?
Clayton
Domain Functional Level |
DFL0 - 2K mixed. DFL1 - 2K native. DFL2 - 2K3. |
|
| Back to top |
|
|
Jorge de Almeida Pinto
Guest
|
| Posted:
Thu Dec 15, 2005 1:58 am Post subject:
Re: LDAP help needed |
|
|
try using OLDCMP from joeware.net
(http://www.joeware.net/win/free/tools/oldcmp.htm)
--
Cheers,
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
"Clayton Sutton" <none@none.com> wrote in message
news:ev$4YlNAGHA.532@TK2MSFTNGP15.phx.gbl...
| Quote: | We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following
LDAP query that will tell me all users that have NEVER logged in before.
Can someone show me how to modify the query to return all users that have
not logged in in the last 20 days?
(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*)))
TIA,
Clayton
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in