Windows Server 2000/2003 Thread, Find redundant AD accounts in Technical
  1. #1
    comedydave's Avatar

    Find redundant AD accounts

    Hi Y'all.
    I have recently inherited a lovely job from many of my predecessors, of clearing all the accounts out of AD.
    We currently use a lovely piece of software called User Management Resource Administrator (UMRA), to manage the Rolling on and off of Student accounts. And my bosses want this extending to the Staff.
    My first stage in the data cleansing is to remove all the redundant accounts (this process being more urgent, as we are approaching UMRA's licence limit of 25000 AD objects).

    What I want to do, is audit all accounts in AD and find ones which have not been used in over 12 months?
    Is there a "Last Authenticated" attribute that I can use (UMRA can audit AD/LDAP attributes)? My reason behind using last authenticated and not last logon is that I don't want to accidentally delete service accounts, as over the years, I am sure there will be ones that have not been documented and their removal will cause random systems to fall over.

    Thanks in advance

  2. #2
    comedydave's Avatar
    *bump*

  3. #3

    plexer's Avatar
    Surely you will be able to see what is a service account and what is a user account from the name? True last login is all you will be able to do, I think.

    Ben

  4. #4

    A simple way to do it would be to open AD, right click on 'Saved Queries' and then New Query.

    In the window which opens up give it a name and then click 'Define Query'. In the box which opens up click the box next to 'Days Since Last Logon:'. You have a choice of 30, 60, 90, 120 or 180 days.

    I'm afraid it doesn't go to 12 months but surely someone not using an account in 6 months is probably a dormant account.

    Click ok, then run the query.

  5. #5

    Just looking at this again, you could probably then export the query to an xml file, edit the xml so it looks at 360 days and then import it back in as a new query.
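Added example (not part of any post in this thread): one way to apply the 12-month cutoff discussed above to an export of account attributes, holding back service-like and never-used accounts for manual review instead of listing them for removal. It assumes the export carries `sAMAccountName`, `lastLogonTimestamp`, `userAccountControl` and `servicePrincipalName`; the sample rows are constructed, and treating "SPN set" or "password never expires" as service-account hints is an assumption of this sketch.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_PWD_NEVER_EXPIRES = 0x10000  # DONT_EXPIRE_PASSWORD bit of userAccountControl

def filetime_to_dt(value):
    """lastLogonTimestamp is 100-ns ticks since 1601-01-01 UTC; 0 or empty means never."""
    ticks = int(value or 0)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10) if ticks > 0 else None

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample rows."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def classify(rows, now, max_age_days=365):
    """Split accounts into 'active', 'stale' and 'review' (needs a human decision)."""
    cutoff = now - timedelta(days=max_age_days)
    out = {"active": [], "stale": [], "review": []}
    for r in rows:
        last = filetime_to_dt(r["lastLogonTimestamp"])
        uac = int(r["userAccountControl"])
        if last is not None and last >= cutoff:
            bucket = "active"
        elif last is None or r["servicePrincipalName"] or uac & UAC_PWD_NEVER_EXPIRES:
            # Never logged on (possibly brand new) or service-like (assumed hints):
            # do not auto-remove, send to manual review.
            bucket = "review"
        else:
            bucket = "stale"
        out[bucket].append(r["sAMAccountName"])
    return out

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = utc(2010, 3, 22)  # fixed "today" so the result is reproducible
FIELDS = ("sAMAccountName", "lastLogonTimestamp", "userAccountControl", "servicePrincipalName")
# Constructed sample rows; names and values are hypothetical.
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("jsmith",     str(dt_to_filetime(utc(2010, 3, 1))),  "512",   ""),
    ("oldstudent", str(dt_to_filetime(utc(2008, 6, 15))), "512",   ""),
    ("svc_backup", str(dt_to_filetime(utc(2008, 1, 10))), "66048", ""),
    ("svc_sql",    str(dt_to_filetime(utc(2007, 9, 3))),  "512",
     "MSSQLSvc/db01.example.local:1433"),
    ("newstaff",   "0",                                   "512",   ""),
]]

if __name__ == "__main__":
    for bucket, names in classify(SAMPLE, NOW).items():
        print(f"{bucket:7} {names}")
```

`lastLogonTimestamp` is replicated between domain controllers but is only refreshed about every two weeks, so it suits a 12-month cutoff; the per-DC `lastLogon` attribute is not replicated and would have to be collected from every domain controller.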

  6. #6

    DaveP's Avatar
    You could use DumpSec (Hyena Download Page) to quickly produce a report of who logged on where and when.

  7. #7
    ranj's Avatar
    Quote Originally Posted by markberry View Post
    A simple way to do it would be to open AD, right click on 'Saved Queries' and then New Query.

    In the window which opens up give it a name and then click 'Define Query'. In the box which opens up click the box next to 'Days Since Last Logon:'. You have a choice of 30, 60, 90, 120 or 180 days.

    I'm afraid it doesn't go to 12 months but surely someone not using an account in 6 months is probably a dormant account.

    Click ok, then run the query.
    Can I use the new query to find dormant computer accounts?

  8. #8

    It is a lot easier to go get and then use oldcmp.

  9. Thanks to PiqueABoo from:

    ranj (19th March 2010)

  10. #9
    IanT's Avatar
    I used a program a few weeks ago to check the last logins of users!! For the life of me I can't remember what it was called!! But I managed to remove over 400 old user accounts!!!

  11. Thanks to IanT from:

    comedydave (22nd March 2010)

  12. #10

    bossman's Avatar
    @comedydave:

    Could this be of any use to you:
    Active Directory Last Logon Tool

    This could be what IanT was talking about?

  13. Thanks to bossman from:

    comedydave (22nd March 2010)

  14. #11
    IanT's Avatar
    Quote Originally Posted by bossman View Post
    @comedydave:

    Could this be of any use to you:
    Active Directory Last Logon Tool

    This could be what IanT was talking about?
    That's the one!!!

  15. Thanks to IanT from:

    comedydave (22nd March 2010)

  16. #12
    comedydave's Avatar
    Thanks Guys, will give that a try.

    Dovestones tools are on my list to trial in the future I think, as we are finding UMRA quite expensive. It is very powerful tho!
