Windows Vista Tips
Home Register Members Search Windows Vista Tips File Database Links
Member Login:

Windows Vista Tips > Newsgroups > Windows Server > Active Directory > how to get the Account Disabled Date

Reply
Thread Tools Display Modes

how to get the Account Disabled Date

 
 
Nik
Guest
Posts: n/a

 
      03-10-2010
How can I read the date a specific account was disabled
eg what else needs to go in here?
>dsquery * dc=mydomain,dc=lab -filter "(&(objectClass=person)(name=nik))
>" -attr displayName givenName sn WhenCreated
 
Reply With Quote
 
 
 
 
Richard Mueller [MVP]
Guest
Posts: n/a

 
      03-10-2010

"Nik" <test> wrote in message
news:uC%...
> How can I read the date a specific account was disabled
> eg what else needs to go in here?
>>dsquery * dc=mydomain,dc=lab -filter "(&(objectClass=person)(name=nik))
>>" -attr displayName givenName sn WhenCreated
>

You can add a clause to your filter that checks the appropriate bit of the
userAccountControl attribute so you only get info on user accounts that are
disabled. The clause to AND with the others is:

(userAccountControl:1.2.840:113556:1.4.803:=2)

You can also retrieve the modifyTimeStamp attribute of the users. However,
this is the time of the last change to the user object, which could be the
time when the account was disabled, but it is certainly possible that some
other change was made after the account was disabled. The command could be
(watch line wrapping, this is one line):

dsquery * dc=MyDomain,dc=com -filter
"(&(objectCategory=perons)(objectClass=user)
(userAccountControl:1.2.840:113556:1.4.803:=2))" -attr sAMAccountName
modifyTimeStamp

I use the modifyTimeStamp attribute because it is replicated. There is also
a whenChanged attribute, but it is not replicated so a different value is
saved on every DC.

Finally if you know the "pre-Windows 2000 logon", name of the user, you
don't need the other clauses. The command could be:

dsquery * dc=MyDomain,dc=com -filter
"(&(sAMAccountName=nik)(userAccountControl:1.2.840 :113556:1.4.803:=2))" -attr
sAMAccountName modifyTimeStamp

And, if the name you have is the Common Name of the user, you can use a
query similar to:

dsquery * dc=MyDomain,dc=com -filter
"(&(cn=nik)(userAccountControl:1.2.840:113556:1.4. 803:=2))" -attr
sAMAccountName modifyTimeStamp

but remember that the cn attribute may not uniquely identify the user, so
there may be more than one user returned. When the dsquery utility is used,
the clause (name=nik) is the same as (cn=nik). The cn attribute must be
unique in the OU or container, but there can be many user objects in the
domain with the Common Name (as long as they are each in a different OU).

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
 
Reply With Quote
Reply

« Help!!! Migration Problem! | finally going native »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Administrator account problems JoeB Windows Vista Administration 7 09-24-2007 04:09 PM
Default Administrator account accessable in Ultimate ,not in home Craig L Davies Windows Vista Administration 9 09-10-2007 03:00 PM
Rename Accounts Dave Windows Vista Administration 4 06-29-2007 04:56 PM
No more Admins... Rodolfo Windows Vista Administration 15 05-04-2007 02:43 AM
Disabled User Account Control and disabled Administrator account. Craig L Davies Windows Vista Administration 2 03-11-2007 06:38 PM


Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.
Contact Us - Windows Vista Tips - Archive - Privacy Statement - Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59