Today I had to find out the lastlogon of the members of a nested group.
Extra request was the users who’s lastlogon was longer than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 did never log on.

Follow the next steps to run the script (no admin rights needed):

• open your favorite text editor
• copy and paste the script into the editor
• change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
• optionally: change the treshold value in line 17 to the desired value (example treshold value is 90 days)
• save the script (for example c:tempenumerate-lastlogon-nestedgroup-with-treshold.vbs)
• open a command prompt
• go to “c:temp”
• give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced

intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			CheckLastLoginWithTreshold objMember.AdsPath, 90
		End If
	Next
	Set objGroup = Nothing
End Sub

Sub CheckLastLoginWithTreshold(strDN,intTreshold)
	Set objUser = GetObject(strDN)
	On Error resume next
	Set objDate = objUser.Get("lastLogonTimestamp")
	If (Err.Number <> 0) Then
        dtmDate = #1/1/1601#
    Else
		dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
	End If
	Set objDate = Nothing
	If DateDiff("d",dtmDate,Date) > intTreshold Then
		Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
	End If
	Set objUser = Nothing
End Sub

Function TimeZoneBias
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootcimv2")
	Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
	For Each objTimeZone in colTimeZone
		TimeZoneBias = objTimeZone.Bias
	Next
	Set colTimeZone = Nothing
	Set objWMIService = Nothing
End Function

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV

This script is a further development of my previous lastlogon script.
Changes are: time bias with wmi, less code, array based attributes.
By adding extra attributes to the arrAttributes array you can expand the output.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\enumerate-lastlogon-details2.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumerate-lastlogon-details2.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-details2.vbs
' Description : script to enumerate the last logon of all AD users and a lot of user attributes V2
' Author : dirk adamsky - deludi bv
' Version : 2.00
' Date : 12-03-2010
' Level : advanced

intBias = TimeZoneBias
arrAttributes = Array("lastLogonTimeStamp","displayname","mail")

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = Join(arrAttributes,",")
Wscript.Echo Join(arrAttributes,";")
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	On Error Resume Next
	strTempOutput = ""
	For i = 1 To Ubound(arrAttributes)
		strTempOutput =  strTempOutput & " ; " & adoRecordset.Fields(arrAttributes(i)).Value
		strOutput = Mid(Ltrim(strTempOutput),3)
	Next
	Set objDate = adoRecordset.Fields(arrAttributes(0)).Value
	If (Err.Number <> 0) Then
        dtmDate = #1/1/1601#
    Else
		dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
	End If
	Set objDate = Nothing
	Wscript.Echo strOutput & " ; " & dtmDate
	adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

Function TimeZoneBias
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
	For Each objTimeZone in colTimeZone
		TimeZoneBias = objTimeZone.Bias
	Next
	Set colTimeZone = Nothing
	Set objWMIService = Nothing
End Function

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV

! I made a new lastlogonscript, it can be found here.
This script is based on the lastlogon script by Richard L. Mueller.
Added is an enumeration of 30 user attributes.
All in all it gives you an huge load of information…..

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:tempenumerate-lastlogon-details.vbs)
* open a command prompt
* go to “c:temp”
* give “cscript enumerate-lastlogon-details.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-details.vbs
' Description : script to enumerate the last logon of all AD users and a lot of user attributes
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 25-02-2010
' Level : advanced

Option Explicit

Dim objRootDSE, adoConnection, adoCommand, strQuery, strMail, strDisname, strCompany, strDepartment
Dim adoRecordset, strDNSDomain, objShell, lngBiasKey
Dim lngBias, k, strDN, dtmDate, objDate, arrAttributes
Dim strBase, strFilter, strAttributes, lngHigh, lngLow, strOutput, i

arrAttributes = Array("cn","sAMAccountName","company","department","displayName",_
				"distinguishedName","lastKnownParent","mail","mailNickname","manager","physicalDeliveryOfficeName",_
				"postalCode","telephoneNumber","userPrincipalName","whenChanged","whenCreated",_
				"extensionAttribute1","extensionAttribute2","extensionAttribute3","extensionAttribute4","extensionAttribute5",_
				"extensionAttribute6","extensionAttribute7","extensionAttribute8","extensionAttribute9",_
				"extensionAttribute10","extensionAttribute11","extensionAttribute12","extensionAttribute13",_
				"extensionAttribute14,extensionAttribute15,lastLogonTimeStamp") 

' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLMSystemCurrentControlSetControlTimeZoneInformationActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If
Set objShell = Nothing

' Determine DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objRootDSE = Nothing

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = Join(arrAttributes,",")
Wscript.Echo strAttributes
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

' Enumerate resulting recordset.
Do Until adoRecordset.EOF
    On Error Resume Next
    Set objDate = adoRecordset.Fields("lastLogonTimeStamp").Value
    If (Err.Number <> 0) Then
        On Error GoTo 0
        dtmDate = #1/1/1601#
    Else
        On Error GoTo 0
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0 ) Then
            dtmDate = #1/1/1601#
        Else
            dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                + lngLow)/600000000 - lngBias)/1440
        End If
    End If
    ' Display values for the user.
    strOutput = ""
	For i = 0 To (Ubound(arrAttributes) - 1)
		strOutput = strOutput & " ; " & adoRecordset.Fields(arrAttributes(i)).Value
	Next
	If (dtmDate = #1/1/1601#) Then
        Wscript.Echo strOutput & " ; Never"
    ElseIf DateDiff("d",dtmDate,Date) > 90 Then
	    Wscript.Echo strOutput & " ; " & dtmDate
    End If
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objDate = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV

[adrotate group="2" banner="3"]