| Author |
Message |
Clayton Sutton
Guest
|
 Posted:
Thu Dec 22, 2005 1:58 am Post subject:
LDAP help needed |
|
|
We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following LDAP
query that will tell me all users that have NEVER logged in before. Can
someone show me how to modify the query to return all users that have not
logged into their mailbox in the last 30 days?
(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*)))
TIA,
Clayton
|
|
| Back to top |
|
 |
Clayton Sutton
Guest
|
| Posted:
Thu Dec 22, 2005 1:58 am Post subject:
Re: LDAP help needed |
|
|
Thnaks Joe,
We are a Univ. and Admin wants to know if students are using their
mailboxes. They want some kind of report. That's why we just want to know
who as not logged into their mailboxes in the last few days.
Clayton
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:%23xj6lGoBGHA.2668@TK2MSFTNGP14.phx.gbl...
| Quote: | Logging into AD doesn't mean someone has opened an Exchange mailbox,
exchange maintains its own info about when a mailbox was last opened and
it is in the store and not in AD.
Next, you can't use a static query to determine which users have not
logged in in the last 30 days. The attributes are time/date stamps and you
have to calculate the proper values to submit to the query. Doing
something like lastlogon=>30 days doesn't work.
Finally, lastlogon isn't replicated, each DC could have a different value
or in fact no value for any given user even if they log on 10 times that
day.
You may want to look at my oldcmp tool available at joeware.net (if you
google for oldcmp, it should be the first link). That can generate a
report of password last changed or lastlogontimestamp if you are in a
domain functional mode K3 domain. If this is for cleaning up accounts, it
is probably closer to what you really want anyway.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Clayton Sutton wrote:
We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following
LDAP
query that will tell me all users that have NEVER logged in before. Can
someone show me how to modify the query to return all users that have not
logged into their mailbox in the last 30 days?
(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*)))
TIA,
Clayton
|
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Thu Dec 22, 2005 1:58 am Post subject:
Re: LDAP help needed |
|
|
Logging into AD doesn't mean someone has opened an Exchange mailbox, exchange
maintains its own info about when a mailbox was last opened and it is in the
store and not in AD.
Next, you can't use a static query to determine which users have not logged in
in the last 30 days. The attributes are time/date stamps and you have to
calculate the proper values to submit to the query. Doing something like
lastlogon=>30 days doesn't work.
Finally, lastlogon isn't replicated, each DC could have a different value or in
fact no value for any given user even if they log on 10 times that day.
You may want to look at my oldcmp tool available at joeware.net (if you google
for oldcmp, it should be the first link). That can generate a report of password
last changed or lastlogontimestamp if you are in a domain functional mode K3
domain. If this is for cleaning up accounts, it is probably closer to what you
really want anyway.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Clayton Sutton wrote:
| Quote: | We are running a Windows 2003 domain and Exchange 2003. I am trying to
create a "Saved Query" in AD Users and Computers. I have the following LDAP
query that will tell me all users that have NEVER logged in before. Can
someone show me how to modify the query to return all users that have not
logged into their mailbox in the last 30 days?
(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*)))
TIA,
Clayton
|
|
|
| Back to top |
|
|
Mark Arnold [MVP]
Guest
|
| Posted:
Thu Dec 22, 2005 9:58 am Post subject:
Re: LDAP help needed |
|
|
Clay,
Why is this question identical to the one you asked on the 14th except
for the change of AD to Mailbox and days from 20 to 30? There isn't an
AD attribute that separates out the last logon to an actual mailbox as
oposed to authenticating to AD.
Laura proxied some information for you (via my copy/paste) and you
were also pointed at Joe's oldcmp tool by a realy helpful chap. I've
already spanked Laura for not remembering oldcmp (her being a disciple
of Joe and all)
If you are a Lunix house then surely your students logging onto AD is
going to be indicative of their presence and also a likely intention
to go into a mailbox? |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in