Options
Dsquery question..
Zaits
Member Posts: 142
Hello all,
I am looking to generate a list of all user accounts that have been inactive for x amount of time. Now I have successfully done this for computers using dsquery computer -inactive x or dsquery computer -stalepwd x ( x = number of days).
My question is when I try and do this same task for dsquery user -inactive x I don't get any syntax errors but it doesn't do anything. It just gives me a blank response. My domain and forest function levels are set to 2003 native. If anyone has any advice that would be great.
Thanks,
I am looking to generate a list of all user accounts that have been inactive for x amount of time. Now I have successfully done this for computers using dsquery computer -inactive x or dsquery computer -stalepwd x ( x = number of days).
My question is when I try and do this same task for dsquery user -inactive x I don't get any syntax errors but it doesn't do anything. It just gives me a blank response. My domain and forest function levels are set to 2003 native. If anyone has any advice that would be great.
Thanks,
Comments
-
Options
aordal
Member Posts: 372
I personally just ran the following query and got results:dsquery user -stalepwd 30 dc=contoso,dc=com
dsquery user -inactive 2 dc=contoso,dc=com
maybe give something like that a try? -
Optionsbjaxx
Member Posts: 217
Zaits wrote:aordal wrote:I personally just ran the following query and got results:
dsquery user -stalepwd 30 dc=contoso,dc=com
dsquery user -inactive 2 dc=contoso,dc=com
maybe give something like that a try?
thanks for the advice sadly... it did not work
Use dsquery /?
Paste in the command your running."You have to hate to lose more than you love to win" -
Optionsphotex
Member Posts: 25 ■□□□□□□□□□
Well the idea is nice but the command is wrong, it should be:
dsquery user dc=contoso,dc=com -stalepwd 30
Of course I should tell you to fill in your own domain name, for example your domain is:
testcase.com ->
dsquery user dc=testcase,dc=com -stalepwd 30
But then again, this will only give you a list of al the users that did not change their password for 30 days or more. :P -
Options
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
It works either way.
To the OP, are you sure you're supposed to get some results? What happens if you drop it down to 1 day? -
Optionsphotex
Member Posts: 25 ■□□□□□□□□□
You learn some every day
Didn't know it worked eather way
But still stalepwd does only give you all the users that did not change their password for X time
-
OptionsZaits
Member Posts: 142
Thanks everyone for your responses but I believe I found the answer..
On server 2000 and older there was only a attribute called "Last Logon" and in order to use the dsquery command -inactive it uses the attribute called "Lastlogontimestamp" which was added in server 2003. This is why its required to have a domain function level of 2003 to use this command. Now we just recently upgraded our domain function level to 2003 on 12/5/08. Now that its been upgraded it needs time to gather this data. I was running the command dsquery user -inactive 4 to show me users that have been inactive for the last 4 weeks. Only problem with this is it hasn't been 4 weeks for this attribute to be calculated. Today I ran this command using 1 week and now I am actually getting data. This data isn't 100% accurate though because alot of people are on vacation and it needs a longer time to calculate then just 1 week. I am assuming 30 days out from today I will have a better scope of data.
Thanks all and I hope this information I provided above helps!!
