Dsquery question..

Hello all,

I am looking to generate a list of all user accounts that have been inactive for x amount of time. Now I have successfully done this for computers using dsquery computer -inactive x or dsquery computer -stalepwd x ( x = number of days).

My question is when I try and do this same task for dsquery user -inactive x I don't get any syntax errors but it doesn't do anything. It just gives me a blank response. My domain and forest function levels are set to 2003 native. If anyone has any advice that would be great.

Thanks,

Find more posts tagged with

Comments

aordal

I personally just ran the following query and got results:

dsquery user -stalepwd 30 dc=contoso,dc=com

dsquery user -inactive 2 dc=contoso,dc=com

maybe give something like that a try?

Zaits

aordal wrote:
I personally just ran the following query and got results:
dsquery user -stalepwd 30 dc=contoso,dc=com
dsquery user -inactive 2 dc=contoso,dc=com
maybe give something like that a try?

thanks for the advice sadly... it did not work

bjaxx

Zaits wrote:
aordal wrote:
I personally just ran the following query and got results:
dsquery user -stalepwd 30 dc=contoso,dc=com
dsquery user -inactive 2 dc=contoso,dc=com
maybe give something like that a try?
thanks for the advice sadly... it did not work

Use dsquery /?

Paste in the command your running.

aordal

are you running the commands on a domain controller?

photex

Well the idea is nice but the command is wrong, it should be:

dsquery user dc=contoso,dc=com -stalepwd 30

Of course I should tell you to fill in your own domain name, for example your domain is:
testcase.com ->

dsquery user dc=testcase,dc=com -stalepwd 30

But then again, this will only give you a list of al the users that did not change their password for 30 days or more. :P

dynamik

It works either way.

To the OP, are you sure you're supposed to get some results? What happens if you drop it down to 1 day?

photex

You learn some every day

Didn't know it worked eather way

But still stalepwd does only give you all the users that did not change their password for X time

Zaits

Thanks everyone for your responses but I believe I found the answer..

On server 2000 and older there was only a attribute called "Last Logon" and in order to use the dsquery command -inactive it uses the attribute called "Lastlogontimestamp" which was added in server 2003. This is why its required to have a domain function level of 2003 to use this command. Now we just recently upgraded our domain function level to 2003 on 12/5/08. Now that its been upgraded it needs time to gather this data. I was running the command dsquery user -inactive 4 to show me users that have been inactive for the last 4 weeks. Only problem with this is it hasn't been 4 weeks for this attribute to be calculated. Today I ran this command using 1 week and now I am actually getting data. This data isn't 100% accurate though because alot of people are on vacation and it needs a longer time to calculate then just 1 week. I am assuming 30 days out from today I will have a better scope of data.

Thanks all and I hope this information I provided above helps!!

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of