What domain users have never logged onto the domain?
Using the Active Directory command-line tools in a Windows 2000 or Windows Server 2003 domain, I have scripted NeverLoggedOnDomain.bat to display the distinguished names of all domain users who have never logged on.
The syntax for using NeverLoggedOnDomain.bat is:
NeverLoggedOnDomain
The output is displayed on the CMD console, but you can redirect it to a file using the following syntax:
NeverLoggedOnDomain>FileName
You can use the output in subsequent commands, as in:
for /f "Tokens=*" %%i in ('NeverLoggedOnDomain') do SomeCommand %%i
NeverLoggedOnDomain.bat contains:
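@echo off
setlocal
rem List every user object with its DN and logonCount; -limit 0 lifts the default 100-result cap.
rem logonCount is not replicated, so the value shown is the one held by the DC that answers the query.
set query=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=*))" -attr distinguishedName logonCount -limit 0
rem Tokens=* hands each output line, with leading blanks stripped, to :parse.
for /f "Tokens=*" %%u in ('%query%') do set line=%%u&call :parse
endlocal
exit /b 0
:parse
rem The header line starts with "distinguishedName"; every other line is a data row.
if /i "%line:~0,17%" NEQ "distinguishedName" goto detail
rem Scan the header for " logonCount" to find where that column begins.
set /a pos=17
:loop
set /a pos=%pos% + 1
call set work=%%line:~%pos%^,11%%
if /i "%work%" NEQ " logonCount" goto :loop
rem pos = offset of the logonCount column; len = width of the DN column to copy.
set /a pos=%pos% + 1
set /a len=%pos% - 2
goto :EOF
:detail
rem Keep only rows whose logonCount column is exactly 0.
call set lc=%%line:~%pos%%%
if "%lc:~0,2%" NEQ "0 " goto :EOF
call set dn="%%line:~0,%len%%%"
rem Remove the column padding two blanks at a time, so single blanks inside a DN survive,
rem then drop the one blank that may remain before the closing quote.
set dn=%dn:  =%
set dn=%dn:  =%
set dn=%dn: "="%
@echo %dn%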
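logonCount is not replicated between domain controllers, so one dsquery run reflects only the DC that answered. As an added example (not part of the original tip or of NeverLoggedOnDomain.bat), the PowerShell below asks every domain controller and lists only the users for whom no DC has counted a logon. It assumes a domain-joined machine that can reach each DC, and it treats an unset logonCount as 0.

```powershell
# Added example, not part of NeverLoggedOnDomain.bat.
# logonCount is kept per domain controller and is not replicated, so a user has
# "never logged on" only if no DC has counted a logon for that account.
Add-Type -AssemblyName System.DirectoryServices
$filter = '(&(objectCategory=Person)(objectClass=User)(sAMAccountName=*))'  # same filter as the batch file
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$baseDn = ([ADSI]'LDAP://RootDSE').defaultNamingContext

$maxCount = @{}   # distinguishedName -> highest logonCount seen on any DC
$failed   = @()   # DCs that could not be queried

foreach ($dc in $domain.DomainControllers) {
    try {
        $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$baseDn")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
        $searcher.PageSize = 1000   # paged search so all users come back (the role -limit 0 plays for dsquery)
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
        [void]$searcher.PropertiesToLoad.Add('logonCount')
        $results = $searcher.FindAll()
        foreach ($r in $results) {
            $dn    = [string]$r.Properties['distinguishedname'][0]
            $count = 0              # assumption of this example: an unset logonCount counts as 0
            if ($r.Properties['logoncount'].Count -gt 0) { $count = [int]$r.Properties['logoncount'][0] }
            if (-not $maxCount.ContainsKey($dn) -or $count -gt $maxCount[$dn]) { $maxCount[$dn] = $count }
        }
        $results.Dispose()
    }
    catch {
        # An unreachable DC leaves a gap: a user may have logged on only there.
        $failed += $dc.Name
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Could not query: $($failed -join ', '). The list may include users who logged on there."
}
# Users whose logonCount is 0 on every DC that answered.
$maxCount.GetEnumerator() | Where-Object { $_.Value -eq 0 } | ForEach-Object { $_.Key } | Sort-Object
```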