Jump to content
Sign in to follow this  

Delete Old AD Objects?

Recommended Posts


Hi guys. I am running into a problem while trying to develop a script to Delete Old Active Directory Objects (User and Computers).

What I am looking for is a way to enumerate the LastLogin attribute and then perform an action on them based on how old the object is.

I've tried searching this board the best I could (though, of course, I'm far from perfect) and couldn't find any pertinant info.

I have a .vbs script sorta does what I want, initally, which is retrieve the LastLogin info.

' List last logon times
' 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com
On Error Resume Next
sEnterDCs = "VMTest,SAVILLNT02"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
  sUsrLogin = oDomainItem.LastLogin
  If UBound(sObjects) >= 1 Then
    For ii = 1 To UBound(sObjects)
      Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
      If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
  End If
  WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin)

However, when I run it through the VBS->AutoIT Converter , and I clean up the code the best I can:

#include <array.au3>
;~ #include <bk-logfile.au3>
#include <date.au3>

; List last logon times
; 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com
;VA On Error Resume Next
$sDomainName = "VMTEst"
 $oDomain = ObjGet("WinNT://" & $sDomainName)
$oDomain.Filter = _ArrayCreate("User")
;~ _WriteLog ("Showing last login times of accounts from: " & $oDomain.Name & $vbNewLine)
For $oDomainItem In $oDomain
  $sUsrLogin = $oDomainItem.LastLogin
  If UBound($sDomainName) >= 1 Then
    For $ii = 1 To UBound($sDomainName)
       $oUsr = ObjGet("WinNT://" & $sDomainName($ii) & "/" & $oDomainItem.Name & ",user")
      If $oUsr.LastLogin > $sUsrLogin Then $sUsrLogin = $oUsr.LastLogin
  MsgBox(0,$oDomainItem.Name, $sUsrLogin)

It gives me the last login for the first (administrator) account, but it doesn't cycle through each account.

The error I get is:

Line19 : ==> The requested action with this object has failed.:

$sUsrLogin = $oDomainItem.LastLogin

$sUsrLogin = $oDomainItem.LastLogin^ ERROR

Any ideas? Am I doing too much / too little?



Share this post

Link to post
Share on other sites

Oh, man that's some ugly code!

Notice how you are passing in an array of multiple DCs and looping through them. In your converted version this fails because you are not referencing an array: If UBound($sDomainName) >= 1 Then

That must be an old NT 4 domain script you are looking at. Hard to believe it was applied to Active Directory domains that way. There are much better ways to get a list of user/computer attributes in Win2K and above. Look for just basic "list users in AD domain" type scripts and go from there.


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.