Jump to content

Recommended Posts

In your query you can use the following to only show enabled accounts:

(!userAccountControl:1.2.840.113556.1.4.803:=2)

You can use the whenCreated to get the account creation time, you can use StringFormat or as in the example below, use Melba23 Date_Time_Convert udf (see code below for download url) to convert the whenCreated into a readable format that can be used with _DateDiff to determine the date difference.

#include <AD.au3>
;~ Download Melba23 Date_Time_Convert <DTC.au3> UDF from https://www.autoitscript.com/forum/topic/154684-date_time_convert-bugfix-version-27-may-15/
#include <DTC.au3>
#include <File.au3>

_GetUsers()

Func _GetUsers()
    ; Open Connection to the Active Directory.
    _AD_Open()
    If @error Then Exit MsgBox(16, "Active Directory Error", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

    ; Search all of AD for contractors and exclude _DT accounts.
    $aUserObjects = _AD_GetObjectsInOU("", "(&(objectcategory=person)(objectclass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!(sAMAccountName=*_dt)(|(title=*contractor*)(title=*consultant*)(description=*contractor*)(description=*consultant*))))", 2, "sAMAccountName,accountExpires,whenCreated")
    ;~ Insert another column for date difference
    _ArrayColInsert($aUserObjects, 3)

    ;~ To delete an array item (removing accounts that are less than 90 days), you need to reverse the loop
    For $i = UBound($aUserObjects) - 1 To 1 Step - 1
        ;~ Convert accountExpires to readable date/time
        If IsObj($aUserObjects[$i][1]) Then $aUserObjects[$i][1] = _GetADDateTime($aUserObjects[$i][1], 1)
        If $aUserObjects[$i][2] <> "" Then
            ;~ Convert whenCreated to readable date/time (required for _DateDiff function
            $aUserObjects[$i][2] = _Date_Time_Convert($aUserObjects[$i][2], "yyyyMMddHHmmss", "yyyy/MM/dd HH:mm:ss")
            ;~ Get date difference in days between whenCreated and accountExpires
            If $aUserObjects[$i][1] <> "n/a" Then
                $aUserObjects[$i][3] = _DateDiff("D", $aUserObjects[$i][2], $aUserObjects[$i][1])
                ;~ If the date difference is less than 90 days then remove from the array
                If $aUserObjects[$i][3] < 90 Then _ArrayDelete($aUserObjects, $i)
            EndIf
        EndIf
    Next

    _ArrayDisplay($aUserObjects)

    _AD_Close()

EndFunc   ;==>_GetUsers

Func _GetADDateTime($_oADObject, $_iFlag = 0)
    Local $sAD_DTStruct, $sTemp3
    If $_iFlag = 1 Then
        If $_oADObject.LowPart = -1 Then Return 0
        If $_oADObject.LowPart > 0 And $_oADObject.HighPart > 0 Then
            $sAD_DTStruct = DllStructCreate("dword low;dword high")
            DllStructSetData($sAD_DTStruct, "Low", $_oADObject.LowPart)
            DllStructSetData($sAD_DTStruct, "High", $_oADObject.HighPart)
            $sAD_Temp = _Date_Time_FileTimeToSystemTime(DllStructGetPtr($sAD_DTStruct))
            $sTemp3 = _Date_Time_SystemTimeToTzSpecificLocalTime(DllStructGetPtr($sAD_Temp))
            Return _Date_Time_SystemTimeToDateTimeStr($sTemp3, 1)
        EndIf
    EndIf
 ; Convert IADsLargeInteger parts to 100ns count
 $iLowPart = $_oADObject.LowPart
 $iHighPart = $_oADObject.HighPart
 If $iLowPart < 0 Then $iHighPart += 1; Compensate for IADsLargeInteger interface error
 $iDateParts= $iHighPart * 2 ^ 32
 $iDateParts+= $iLowPart

 ; Check if user ever logged in
 If $iDateParts= 0 Then
    Return "n/a"
 Else
 ; Convert 100ns count to integer seconds
 $iSeconds = Floor($iDateParts/ 10000000)

 ; Convert seconds since 12:00AM January 01, 1601 to date string
 $sDateTime = _DateAdd("S", $iSeconds, "1601/01/01 00:00:00")

 ; Display result
 Return $sDateTime
 EndIf
EndFunc

 

Link to post
Share on other sites
  • Replies 40
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...