What domain users have never logged onto the domain?

Posted On 2005-11-1 by FortyPoundHead
Keywords: Users never logged on

Using the Active Directory command-line tools in a Windows 2000 or Windows Server 2003 domain, I have scripted NeverLoggedOnDomain.bat to display the distinguished names of all domain users who have never logged on.

The syntax for using NeverLoggedOnDomain.bat is:


The output is displayed on the CMD console, but you can redirect it to a file using the following syntax:


You can use the output in subsequent commands, as in:

for /f "Tokens=*" %%i in ('NeverLoggedOnDomain') do SomeCommand %%i

NeverLoggedOnDomain.bat contains:

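@echo off
rem Keep the working variables local to this script.
setlocal
rem List every user's distinguished name and logonCount as two padded columns.
set query=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=*))" -attr distinguishedName logonCount -limit 0
for /f "Tokens=*" %%u in ('%query%') do set line=%%u&call :parse
endlocal
exit /b 0
:parse
rem The header row gives the column offsets; every other row is a user.
if /i "%line:~0,17%" NEQ "distinguishedName" goto detail
set /a pos=17
:loop
rem Advance until the text at pos is " logonCount".
set /a pos=%pos% + 1
call set work=%%line:~%pos%^,11%%
if /i "%work%" NEQ " logonCount" goto :loop
set /a pos=%pos% + 1
set /a len=%pos% - 2
goto :EOF
:detail
rem Only rows whose logonCount is 0 are reported.
call set lc=%%line:~%pos%%%
if "%lc:~0,2%" NEQ "0 " goto :EOF
call set dn="%%line:~0,%len%%%"
rem Remove the column padding (pairs of spaces), then any single space left before the closing quote.
set dn=%dn:  =%
set dn=%dn:  =%
set dn=%dn: "="%
@echo %dn%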
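
logonCount is kept separately by each domain controller and is not replicated, so a zero from one DC only shows that the account has not authenticated against that DC. The following is an added example, not part of the original post: it parses saved output of the script's dsquery command from several DCs, using the same header-offset approach as the batch file, and keeps only the accounts with no logons on any of them. The DNs, the two captures and the choice to treat an unset logonCount as zero are assumptions.

```python
# Added example: merge per-DC dsquery output, since logonCount is not replicated.
# All DNs and both "DC" captures below are constructed sample data.

def render(rows, width=45):
    """Build text in dsquery's padded two-column layout (constructed sample)."""
    table = [("distinguishedName", "logonCount"), *rows]
    return "\n".join(f"  {dn:<{width}}{count}".rstrip() for dn, count in table)

DC1 = render([
    ("CN=Alice Smith,OU=Staff,DC=example,DC=com", "0"),
    ("CN=Bob Jones,OU=Staff,DC=example,DC=com", "12"),
    ("CN=svc backup,OU=Service,DC=example,DC=com", "0"),
    ("CN=Carol New,OU=Staff,DC=example,DC=com", ""),     # attribute not set
])
DC2 = render([
    ("CN=Alice Smith,OU=Staff,DC=example,DC=com", "3"),  # logged on via DC2 only
    ("CN=Bob Jones,OU=Staff,DC=example,DC=com", "0"),
    ("CN=svc backup,OU=Service,DC=example,DC=com", "0"),
    ("CN=Carol New,OU=Staff,DC=example,DC=com", "0"),
])

def parse_dsquery(text):
    """Return {dn: logonCount} for one capture of the dsquery output."""
    lines = [line for line in text.splitlines() if line.strip()]
    # Like the batch file, locate the logonCount column from the header row.
    col = lines[0].index("logonCount")
    counts = {}
    for line in lines[1:]:
        dn = line[:col].strip()          # DNs may contain single spaces
        raw = line[col:].strip()
        # Assumption: an unset logonCount means no logon recorded on this DC.
        counts[dn] = int(raw) if raw else 0
    return counts

def never_logged_on(captures):
    """DNs whose logonCount is zero (or unset) in every capture."""
    per_dc = [parse_dsquery(text) for text in captures]
    all_dns = set().union(*per_dc)
    # A DN missing from one capture (replication lag) counts as zero there.
    return sorted(dn for dn in all_dns
                  if all(dc.get(dn, 0) == 0 for dc in per_dc))

if __name__ == "__main__":
    for dn in never_logged_on([DC1, DC2]):
        print(dn)
```
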
