Scripts Thread: Powershell Help (Coding and Web Development)
  1. #16

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Depends on what you want to do. Whenever I've set about finding old users or computers I haven't cared about precision, so I'd be happy to use LastLogonTimestamps more than say 100 days old and not worry if that sometimes gets a few accounts that actually last logged on 84-100 days ago coz they're old too.

    Chasing round for the freshest LastLogon is the kind of thing I'd do if I wanted to know if someone (or a computer) logged on recently e.g. this morning, yesterday etc.

  2. Thanks to PiqueABoo from:

    FN-GM (31st January 2012)

  3. #17

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,769
    Thank Post
    860
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442
    Would you know how to make the script chase around please? I assume it would be a lot of work?

    I may Google to see if there is a way to increase the replication period or if there is a way to force the attribute to replicate then run the script. What are your thoughts please?

    Thanks for your help.

  4. #18

    FN-GM's Avatar
    Can you just confirm I have got something correct?

    When the user logs on, it will check the DC to see if the timestamp is older than 14 days. If it is older than 14 days it updates it with a new one. If it is under 14 it ignores it. Because of this you won't end up with this scenario:

    On July 2, the script disables account_A. On July 4, the admin enables the account so that account_A can log in. On July 9, the script runs again and the account is disabled again.

    Thanks

  5. #19


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,708
    Thank Post
    220
    Thanked 2,615 Times in 1,926 Posts
    Rep Power
    777
    Originally posted by FN-GM:
    I may Google to see if there is a way to increase the replication period or if there is a way to force the attribute to replicate then run the script.

    Have you seen this?

    “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” « Ask the Directory Services Team

    If you need more accuracy, you could query the event logs...

    It is important to note that the intended purpose of the lastLogontimeStamp attribute is to help identify inactive computer and user accounts. The lastLogon attribute is not designed to provide real time logon information. With default settings in place the lastLogontimeStamp will be 9-14 days behind the current date.

    If you are looking for more “real-time” logon tracking you will need to query the Security Event log on your DCs for the desired logon events, i.e. 528 (Windows XP/2003 and earlier) or 4624 (Windows Vista/2008). See this blog post by Eric Fitzgerald for more info. (I think he knows something about auditing)

    IMO your best bet for near real-time data is to use an event log collection service to gather all domain controller security event logs to a centralized database. You can then query a single database for the desired logon events. Microsoft’s solution for security event log collection is Audit Collection Services. There are many 3rd party solutions as well.
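
Added example, not part of any post in this thread: one way to do the "chasing round" asked about in #17. lastLogon is kept separately on each domain controller and is not replicated, so the function asks every DC and returns the newest value. It assumes the ActiveDirectory (RSAT) module; `Get-FreshestLastLogon` and the sample account name are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module and read access to each DC.
Import-Module ActiveDirectory

function Get-FreshestLastLogon {
    [CmdletBinding()]
    param(
        # DN of a user or computer; resolve it first with Get-ADUser / Get-ADComputer.
        [Parameter(Mandatory = $true)]
        [string] $DistinguishedName
    )

    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # lastLogon is written only on the DC that handled the logon.
            $obj = Get-ADObject -Identity $DistinguishedName -Server $dc.HostName `
                                -Properties lastLogon -ErrorAction Stop
        }
        catch {
            # An unreachable DC means the answer may be incomplete; say so.
            Write-Warning "No answer from $($dc.HostName): $($_.Exception.Message)"
            continue
        }

        # 0 or empty means the account has never logged on against this DC.
        $when = $null
        if ($obj.lastLogon) { $when = [DateTime]::FromFileTimeUtc($obj.lastLogon) }

        [pscustomobject]@{ DC = $dc.HostName; LastLogonUtc = $when }
    }

    # Newest value wins; DCs with no logon recorded sort last.
    $perDc | Sort-Object -Property LastLogonUtc -Descending | Select-Object -First 1
}

# Usage (hypothetical account name):
# Get-FreshestLastLogon -DistinguishedName (Get-ADUser -Identity 'jbloggs').DistinguishedName
```

If any DC produced a warning, treat the result as a lower bound: the account may have logged on more recently against the DC that did not answer.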

  6. #20

    FN-GM's Avatar
    I have read it thanks. I think I am going to reduce the time on the attribute to 7 days.

    Thanks

  7. #21

    FN-GM's Avatar
    Originally posted by FN-GM:
    Thanks for the input. What would I need to do with the script I posted to make this now do the same for computer accounts please?

    Thanks

    Does anyone have any suggestions regarding this please?

    Thanks
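
Added example, not the script FN-GM refers to (that script is not on this page) and not from any poster: a report of enabled computer accounts whose replicated lastLogonTimestamp is older than a threshold. It reads the domain's msDS-LogonTimeSyncInterval and adds it to the threshold, since the timestamp can lag a real logon by that many days. The `$StaleDays` value and variable names are assumptions.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module. Report only: nothing is changed.
Import-Module ActiveDirectory

$StaleDays = 100    # age threshold mentioned earlier in the thread; set to your policy

# lastLogonTimestamp is refreshed only once it is older than the domain's
# msDS-LogonTimeSyncInterval (not set = default of 14 days), so it can lag a real
# logon by up to that many days.
$domainDn = (Get-ADDomain).DistinguishedName
$syncDays = (Get-ADObject -Identity $domainDn `
                -Properties 'msDS-LogonTimeSyncInterval').'msDS-LogonTimeSyncInterval'
if ($null -eq $syncDays) { $syncDays = 14 }

# Add the lag so a machine that really logged on inside the window is not listed.
$cutoff   = (Get-Date).ToUniversalTime().AddDays(-($StaleDays + $syncDays))
$fileTime = $cutoff.ToFileTimeUtc()

# Enabled computers whose replicated timestamp is older than the cutoff.
# The bitwise rule 1.2.840.113556.1.4.803 with value 2 matches ACCOUNTDISABLE.
$filter = "(&(lastLogonTimestamp<=$fileTime)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

Get-ADComputer -LDAPFilter $filter -Properties lastLogonTimestamp, whenCreated |
    Select-Object Name, DistinguishedName, whenCreated,
        @{ Name       = 'LastLogonTimestampUtc'
           Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } } |
    Sort-Object LastLogonTimestampUtc

# Computers that have never logged on have no lastLogonTimestamp and are not matched;
# review those separately by whenCreated. Swapping Get-ADComputer for Get-ADUser
# gives the same report for user accounts.
```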
