What domain users have never logged onto the domain?

---

Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, I have scripted NeverLoggedOnDomain.bat to display all the distinguished names of domain users who have never logged on.

The syntax for using NeverLoggedOnDomain.bat is:



NeverLoggedOnDomain



The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:



NeverLoggedOnDomain>FileName



You can use the output in subsequent commands, as in:



for /f "Tokens=*" %%i in ('NeverLoggedOnDomain') do SomeCommand %%i



NeverLoggedOnDomain.bat contains:



@echo off

setlocal

set query=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=*))" -attr distinguishedName logonCount -limit 0

for /f "Tokens=*" %%u in ('%query%') do set line=%%u&call :parse

endlocal

exit /b 0

:parse

if /i "%line:~0,17%" NEQ "distinguishedName" goto detail

set /a pos=17

:loop

set /a pos=%pos% + 1

call set work=%%line:~%pos%^,11%%

if /i "%work%" NEQ " logonCount" goto :loop

set /a pos=%pos% + 1

set /a len=%pos% - 2

goto :EOF

:detail

call set lc=%%line:~%pos%%%

if "%lc:~0,2%" NEQ "0 " goto :EOF

call set dn="%%line:~0,%len%%%"

set dn=%dn:   =%

set dn=%dn:  =%

set dn=%dn: "="%

@echo %dn%

About this post

Posted: 2005-11-1
By: FortyPoundHead
Viewed: 1,664 times

Categories

Attachments

No attachments for this post

Comments

No comments have been added for this post.

You must be logged in to make a comment.