Hi, I ahve the following script that enumerates the OU int he domain specified and shows me a count of machines that have not changed their account within x days. What I want it to do is give me a list (as opposed to count) of all machines that have not changed their account within the x days.

Any help greatly appreciated!!

Option Explicit

dim connection
dim command
dim total
dim count
'dim countns
dim recordset
dim adsPath
dim thisComputer
dim dtmValue
dim domain
dim arguments
dim dc
dim pos1
dim pos2

const ADS_SCOPE_SUBTREE = 2
const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
const threshold = 30 ' number of days within which the password should change

Set connection = CreateObject("ADODB.Connection")
Set command = CreateObject("ADODB.Command")
connection.Provider = "ADsDSOObject"
connection.Open "Active Directory Provider"

set arguments = wScript.arguments
if(arguments.Count < 1) then
call usage()
end if

dc = lcase(arguments(0))

if instr(dc,".") then
pos1 = instr(dc,".")
pos2 = instr(pos1+1,dc,".")
domain = mid(dc,pos1+1,pos2-pos1-1)
else
wscript.echo "Please use fully qualified host name for the DC."
wscript.quit
end if

wscript.echo "Querying " & dc & " for domain " & domain

total = 0
count = 0
'countns = 0

' look for computer objects with operating system that contains the word 'server'
Set command.ActiveConnection = connection
command.CommandText = _
"Select Name, adsPath, operatingSystem from 'LDAP://" & dc & "/DC=" & lcase(domain) & ",DC=zzz,DC=com' " _
& "where objectClass='computer' and operatingSystem = '*Professional*'"

command.Properties("Page Size") = 1000
command.Properties("Timeout") = 500
command.Properties("Searchscope") = ADS_SCOPE_SUBTREE
command.Properties("Cache Results") = False

Set recordSet = command.execute

recordSet.moveFirst
' loop through all machines found and retrieve the password last changed attribute
do until recordSet.EOF
total = total + 1
' wscript.echo "Computer Name: " & recordSet.Fields("adspath").Value
adsPath = recordSet.fields("adsPath").Value
Set thisComputer = GetObject(adsPath)
On Error Resume Next
dtmValue = thisComputer.PasswordLastChanged
' if err.number = E_ADS_PROPERTY_NOT_FOUND then
' this computer account has been created but never used
' countns = countns + 1
' else
' check how many days since the password changed
if datediff("d",dtmvalue,now) < threshold then
' password has changed within the threshold period
count = count + 1
end if
' end if
recordSet.moveNext
Loop

wscript.echo "Query complete"
wscript.echo "Total workstation accounts in " & lcase(domain) & ".zzz.com = " & total
wscript.echo "Active workstation accounts = " & count
'wscript.echo "Workstation accounts created but never used = " & countns

sub usage()
WScript.Echo "Usage:" & vbNewLine & vbNewLine &_
"c:\>cscript wkstncount.vbs DC" & vbNewLine & vbNewLine &_
"DC: target domain controller" & vbNewLine &_
"e.g. cscript wkstncount.vbs dc.zzz.com"
wscript.quit(0)
end sub
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

There are no answers at this time
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

Answer this question or Comment on this question for clarity