Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Delete Old AD Objects?


  • Please log in to reply
1 reply to this topic

#1 Seen

Seen

    Seeker

  • Active Members
  • 27 posts

Posted 05 December 2007 - 07:39 PM

Hi guys. I am running into a problem while trying to develop a script to Delete Old Active Directory Objects (User and Computers).

What I am looking for is a way to enumerate the LastLogin attribute and then perform an action on them based on how old the object is.

I've tried searching this board the best I could (though, of course, I'm far from perfect) and couldn't find any pertinant info.

I have a .vbs script sorta does what I want, initally, which is retrieve the LastLogin info.
' List last logon times ' 2001-03-27 John Savill, Jakob Hussfelt <a href='http://www.ntfaq.com' class='bbc_url' title='External link' rel='nofollow external'>http://www.ntfaq.com</a> On Error Resume Next sEnterDCs = "VMTest,SAVILLNT02" sObjects = Split(sEnterDCs, ",") Set oDomain = GetObject("WinNT://" & sObjects(0)) oDomain.Filter = Array("User") WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine For Each oDomainItem In oDomain   sUsrLogin = oDomainItem.LastLogin   If UBound(sObjects) >= 1 Then     For ii = 1 To UBound(sObjects)       Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")       If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin     Next   End If   WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin) Next


However, when I run it through the VBS->AutoIT Converter , and I clean up the code the best I can:

#include <array.au3> ;~ #include <bk-logfile.au3> #include <date.au3> ; List last logon times ; 2001-03-27 John Savill, Jakob Hussfelt <a href='http://www.ntfaq.com' class='bbc_url' title='External link' rel='nofollow external'>http://www.ntfaq.com</a> ;VA On Error Resume Next $sDomainName = "VMTEst"  $oDomain = ObjGet("WinNT://" & $sDomainName) $oDomain.Filter = _ArrayCreate("User") ;~ _WriteLog ("Showing last login times of accounts from: " & $oDomain.Name & $vbNewLine) For $oDomainItem In $oDomain   $sUsrLogin = $oDomainItem.LastLogin   If UBound($sDomainName) >= 1 Then     For $ii = 1 To UBound($sDomainName)        $oUsr = ObjGet("WinNT://" & $sDomainName($ii) & "/" & $oDomainItem.Name & ",user")       If $oUsr.LastLogin > $sUsrLogin Then $sUsrLogin = $oUsr.LastLogin     Next   EndIf   MsgBox(0,$oDomainItem.Name, $sUsrLogin) Next


It gives me the last login for the first (administrator) account, but it doesn't cycle through each account.

The error I get is:

Line19 : ==> The requested action with this object has failed.:
$sUsrLogin = $oDomainItem.LastLogin
$sUsrLogin = $oDomainItem.LastLogin^ ERROR

Any ideas? Am I doing too much / too little?

Thanks.

~Seen







#2 PsaltyDS

PsaltyDS

    Most Venerable Penguin

  • MVPs
  • 13,279 posts

Posted 05 December 2007 - 08:28 PM

Oh, man that's some ugly code!

Notice how you are passing in an array of multiple DCs and looping through them. In your converted version this fails because you are not referencing an array: If UBound($sDomainName) >= 1 Then

That must be an old NT 4 domain script you are looking at. Hard to believe it was applied to Active Directory domains that way. There are much better ways to get a list of user/computer attributes in Win2K and above. Look for just basic "list users in AD domain" type scripts and go from there.

:)
Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users