[gptalk] Re: Finding active users

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 25 Jun 2008 13:43:20 -0500

There are a lot of good products out there, but I've always preferred to
script this type of automation so that I can remain flexible. This
cleanup aspect is becoming an increasingly big part of identity
lifecycle management products like Microsoft MIIS/ILM, which can tie
into Active Directory and completely automate the entire process for
you, if you aren't afraid of writing a little VB or C# code.

Jamie Nelson | Infrastructure Consultant | BI&T Operations | Devon
Energy | Work: 405.552.8054 | http://www.dvn.com

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of jfvanmeter@xxxxxxxxxxx
Sent: Wednesday, June 25, 2008 3:03 AM
To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Finding active users

The problem I've always had with finding active or enactive user
accounts are:

1. Mac users that use Outlook for email, they have a valid user account,
but they may never login, they only authinicated for the purpose of
accessing there mailbox.

2. Service accounts

There are alot of scripts you can write/download to query a DC for user
rue that is only one site, google can really be your friend. 

I've never had a large budget so I've always had to do things on a shoe
string. I'm currently covering most of my vbscripts to powershell or

The one thing that has helped me the most is to document any special
accounts  so when someone goes looking for inactive accounts they don't
delete hundreds of Mac users or all of my service accounts. 

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: "Ray Lewis" <ray@xxxxxxxxxxxxxxx>
> Been down this road and tried a few different products myself. The 
> only one I found that didn't give me erroneous information was AD
Janitor by Specops.
> http://www.specopssoft.com/products/adjanitor/
>   _____
> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]

> On Behalf Of Mike Johnston
> Sent: 25 June 2008 03:29
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Finding active users
> Howdy all... Our domain has kind of gotten out of control with users 
> coming and going and I'd like to get control of it.  What is the best 
> way to build a list of current active users on my Windows 2003 domain?

> We have many that haven't logged in for over 6 months so there 
> accounts are sitting and waiting for a password change.  Is there a 
> way (or a script) that print out last long on or which accounts are 
> waiting for a password change?  We don't expire our accounts, just the
password.  Any help would be great!

Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system. 
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: