Today I had to find out the lastlogon of the members of a nested group.
Extra request was the users who’s lastlogon was longer than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 did never log on.
Follow the next steps to run the script (no admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
- optionally: change the treshold value in line 17 to the desired value (example treshold value is 90 days)
- save the script (for example c:tempenumerate-lastlogon-nestedgroup-with-treshold.vbs)
- open a command prompt
- go to “c:temp”
- give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter
The script:
' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced
intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
Set objGroup = GetObject(strGroupDN)
For Each objMember in objGroup.Members
If (LCase(objMember.Class) = "group") Then
EnumNestedgroup objMember.AdsPath
Else
CheckLastLoginWithTreshold objMember.AdsPath, 90
End If
Next
Set objGroup = Nothing
End Sub
Sub CheckLastLoginWithTreshold(strDN,intTreshold)
Set objUser = GetObject(strDN)
On Error resume next
Set objDate = objUser.Get("lastLogonTimestamp")
If (Err.Number <> 0) Then
dtmDate = #1/1/1601#
Else
dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
End If
Set objDate = Nothing
If DateDiff("d",dtmDate,Date) > intTreshold Then
Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
End If
Set objUser = Nothing
End Sub
Function TimeZoneBias
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootcimv2")
Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
For Each objTimeZone in colTimeZone
TimeZoneBias = objTimeZone.Bias
Next
Set colTimeZone = Nothing
Set objWMIService = Nothing
End Function
When you have problems/questions please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Thanks for the script. I didn’t get into the vb scripting but am just now getting into powershell and wmi. Your copy and paste left off some “\” on line 41. It took me a little time, because of the non vb background, but I understnad what’s going on now. The script works great!
Hi Tony,
Nice to hear.
Thank you.
Best regards,
dirk adamsky