Delete Old AD Objects?

2 posts in this topic

#1 ·  Posted

Hi guys. I am running into a problem while trying to develop a script to Delete Old Active Directory Objects (User and Computers).

What I am looking for is a way to enumerate the LastLogin attribute and then perform an action on them based on how old the object is.

I've tried searching this board the best I could (though, of course, I'm far from perfect) and couldn't find any pertinent info.

I have a .vbs script that sorta does what I want, initially, which is retrieve the LastLogin info.

' List last logon times
' 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com
On Error Resume Next
sEnterDCs = "VMTest,SAVILLNT02"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
  sUsrLogin = oDomainItem.LastLogin
  If UBound(sObjects) >= 1 Then
    For ii = 1 To UBound(sObjects)
      Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
      If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
    Next
  End If
  WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin)
Next

However, when I run it through the VBS->AutoIT Converter, and I clean up the code the best I can:

#include <array.au3>
;~ #include <bk-logfile.au3>
#include <date.au3>

; List last logon times
; 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com
;VA On Error Resume Next
$sDomainName = "VMTEst"
 $oDomain = ObjGet("WinNT://" & $sDomainName)
$oDomain.Filter = _ArrayCreate("User")
;~ _WriteLog ("Showing last login times of accounts from: " & $oDomain.Name & $vbNewLine)
For $oDomainItem In $oDomain
  $sUsrLogin = $oDomainItem.LastLogin
  If UBound($sDomainName) >= 1 Then
    For $ii = 1 To UBound($sDomainName)
       $oUsr = ObjGet("WinNT://" & $sDomainName($ii) & "/" & $oDomainItem.Name & ",user")
      If $oUsr.LastLogin > $sUsrLogin Then $sUsrLogin = $oUsr.LastLogin
    Next
  EndIf
  MsgBox(0,$oDomainItem.Name, $sUsrLogin)
Next

It gives me the last login for the first (administrator) account, but it doesn't cycle through each account.

The error I get is:

Line19 : ==> The requested action with this object has failed.:

$sUsrLogin = $oDomainItem.LastLogin

$sUsrLogin = $oDomainItem.LastLogin^ ERROR

Any ideas? Am I doing too much / too little?

Thanks.

~Seen


#2 ·  Posted

Oh, man that's some ugly code!

Notice how you are passing in an array of multiple DCs and looping through them. In your converted version this fails because you are not referencing an array: If UBound($sDomainName) >= 1 Then

That must be an old NT 4 domain script you are looking at. Hard to believe it was applied to Active Directory domains that way. There are much better ways to get a list of user/computer attributes in Win2K and above. Look for just basic "list users in AD domain" type scripts and go from there.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
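
Added example (not part of either post, and not the original script): the logic the VBS script implements, taking the newest last-logon value across every DC because that value is not replicated between DCs, followed by a report-only age check. It assumes the raw AD `lastLogon` FILETIME values have already been collected per DC; the account names, timestamps and the 90-day threshold are constructed for illustration, and only the DC names come from the thread.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """AD stores lastLogon as 100-ns ticks since 1601-01-01 UTC; 0 means never."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10) if ft else None

def dt_to_filetime(dt):
    """Helper used only to build the constructed sample data below."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def latest_logon(per_dc):
    """lastLogon is per-DC, so the true value is the maximum over all DCs."""
    merged = {}
    for dc_accounts in per_dc.values():
        for name, ft in dc_accounts.items():
            merged[name] = max(merged.get(name, 0), int(ft or 0))
    return merged

def classify(per_dc, now, max_age_days=90):
    """Return {name: (status, last_logon)}. Report only: nothing is deleted."""
    cutoff = now - timedelta(days=max_age_days)
    report = {}
    for name, ft in sorted(latest_logon(per_dc).items()):
        last = filetime_to_dt(ft)
        if last is None:
            status = "never-logged-on"  # new or service account: review by hand
        elif last < cutoff:
            status = "stale"
        else:
            status = "active"
        report[name] = (status, last)
    return report

# Constructed sample data: jdoe looks 200 days idle on one DC, 5 days on the other.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "VMTest": {"Administrator": dt_to_filetime(NOW - timedelta(days=2)),
               "jdoe": dt_to_filetime(NOW - timedelta(days=200)),
               "svc-backup": 0,
               "OLDPC01$": dt_to_filetime(NOW - timedelta(days=400))},
    "SAVILLNT02": {"Administrator": dt_to_filetime(NOW - timedelta(days=30)),
                   "jdoe": dt_to_filetime(NOW - timedelta(days=5)),
                   "svc-backup": 0},
}

if __name__ == "__main__":
    for name, (status, last) in classify(SAMPLE, NOW).items():
        print(f"{name:<22}{status:<18}{last.isoformat() if last else '-'}")
```

Querying only one DC would mark jdoe as stale; merging both DCs shows a logon 5 days ago. Accounts reported as never-logged-on are kept apart from stale ones so they can be checked before any disable or delete step.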
