Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » how to get the Account Disabled Date
how to get the Account Disabled Date [message #409035] Wed, 10 March 2010 07:24 Go to next message
nik  is currently offline nik  Canada
Messages: 115
Registered: September 2009
Senior Member
How can I read the date a specific account was disabled
eg what else needs to go in here?
>dsquery * dc=mydomain,dc=lab -filter "(&(objectClass=person)(name=nik))
>" -attr displayName givenName sn WhenCreated
Re: how to get the Account Disabled Date [message #409080 is a reply to message #409035] Wed, 10 March 2010 08:54 Go to previous message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Nik" <test> wrote in message
news:uC%232i0FwKHA.3896@TK2MSFTNGP02.phx.gbl...
> How can I read the date a specific account was disabled
> eg what else needs to go in here?
>>dsquery * dc=mydomain,dc=lab -filter "(&(objectClass=person)(name=nik))
>>" -attr displayName givenName sn WhenCreated
>

You can add a clause to your filter that checks the appropriate bit of the
userAccountControl attribute so you only get info on user accounts that are
disabled. The clause to AND with the others is:

(userAccountControl:1.2.840:113556:1.4.803:=2)

You can also retrieve the modifyTimeStamp attribute of the users. However,
this is the time of the last change to the user object, which could be the
time when the account was disabled, but it is certainly possible that some
other change was made after the account was disabled. The command could be
(watch line wrapping, this is one line):

dsquery * dc=MyDomain,dc=com -filter
"(&(objectCategory=perons)(objectClass=user)
(userAccountControl:1.2.840:113556:1.4.803:=2))" -attr sAMAccountName
modifyTimeStamp

I use the modifyTimeStamp attribute because it is replicated. There is also
a whenChanged attribute, but it is not replicated so a different value is
saved on every DC.

Finally if you know the "pre-Windows 2000 logon", name of the user, you
don't need the other clauses. The command could be:

dsquery * dc=MyDomain,dc=com -filter
" (&(sAMAccountName=nik)(userAccountControl:1.2.840:113556 :1.4.803:=2)) " -attr
sAMAccountName modifyTimeStamp

And, if the name you have is the Common Name of the user, you can use a
query similar to:

dsquery * dc=MyDomain,dc=com -filter
" (&(cn=nik)(userAccountControl:1.2.840:113556:1.4.803:=2) ) " -attr
sAMAccountName modifyTimeStamp

but remember that the cn attribute may not uniquely identify the user, so
there may be more than one user returned. When the dsquery utility is used,
the clause (name=nik) is the same as (cn=nik). The cn attribute must be
unique in the OU or container, but there can be many user objects in the
domain with the Common Name (as long as they are each in a different OU).

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Previous Topic:Help!!! Migration Problem!
Next Topic:finally going native
Goto Forum:
  


Current Time: Fri Jan 19 00:45:12 MST 2018

Total time taken to generate the page: 0.03339 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software