A resource kit command that allows the NET USER command to get info strictly from a specific contain

NET USER is an NT legacy tool. It uses the Net API, which has no concept of OUs,
so it will not be able to break out info based on what OU the user is in.

What kind of info are you looking for? You could probably get it with another
command line tool that does LDAP queries or by writing a script.

joe
 
We are trying to parse out the user information within our OU so that we know when the users in the OU last changed their password so we can make a script to email us when they need to be changed. The users we are concerned about are shared IDs that are used by applications to run services.

Does that make sense? I think it's probably pretty easy, but I can't find a tool that will break it down to that simple form.
 
Ah, my first recommendation would be to go pick up Robbie Allen's book AD
Cookbook, lots of scripting examples that should help out. Actually I think he
has one similar to what you are trying to do here.

Alternatively, I have a couple of tools on my website that might help you, check
out on the free win32 tools page of www.joeware.net the tools secdata and adfind.

Secdata will output various security info in csv format, one of those fields is
password age and password last set values. You can specify what you want the
search base to be if you would like.

Adfind is a generic command line ldap query tool. It has some added features for
Windows LDAP Servers such as decoding common time fields etc...


Secdata output would look something like (it looks rough due to text wrap, looks
perfect in a text file or excel spreadsheet which means easy to parse in a script):

[Tue 05/11/2004 15:29:09.96]
F:\DEV\cpp\SecData>secdata joe.com * /b cn=users,dc=joe,dc=com

Secdata V02.03.00cpp Joe Richards ([email protected]) August 2002

Processed at 2k3dc01.joe.com
Default Naming Context: DC=joe,DC=com
Search base : cn=users,dc=joe,dc=com
Search filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=*))
sAMAccountName;cn;distinguishedName;badPasswordTime;badPwdCount;lastLogon;logonCount;pwdLastSet;PwdAge;lockoutTime;accountExpires;createTimeStamp;ObjAge;modifyTimeStamp;ModAge;user
AccountControl;
Administrator;Administrator;CN=Administrator,CN=Users,DC=joe,DC=com;03/09/2004-02:54:18;0;05/10/2004-00:42:41;31;03/08/2004-16:26:23;63;00/00/0000-00:00:00;00/00/0000-00:00:00;03/0
3/2004-14:42;68;05/10/2004-01:42;1;NO_PWD_EXPIRE ;
Guest;Guest;CN=Guest,CN=Users,DC=joe,DC=com;00/00/0000-00:00:00;0;00/00/0000-00:00:00;0;00/00/0000-00:00:00;-1;00/00/0000-00:00:00;00/00/0000-00:00:00;03/03/2004-14:42;68;04/10/200
4-17:25;30;PWD_NOT_REQ NO_PWD_EXPIRE DISABLED ;
SUPPORT_388945a0;SUPPORT_388945a0;CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com;00/00/0000-00:00:00;0;00/00/0000-00:00:00;0;03/08/2004-21:39:49;63;00/00/0000-00:00:00;00/00/0000-00:00
:00;03/03/2004-14:42;68;04/10/2004-17:25;30;NO_PWD_EXPIRE DISABLED ;
krbtgt;krbtgt;CN=krbtgt,CN=Users,DC=joe,DC=com;00/00/0000-00:00:00;0;00/00/0000-00:00:00;0;03/09/2004-00:25:07;63;00/00/0000-00:00:00;00/00/0000-00:00:00;03/03/2004-14:42;68;04/10/
2004-17:25;30;EXPIRED DISABLED ;
$jricha34;$jricha34;CN=$jricha34,CN=Users,DC=joe,DC=com;05/10/2004-10:32:40;0;05/11/2004-14:01:12;65535;03/09/2004-02:56:24;63;00/00/0000-00:00:00;00/00/0000-00:00:00;03/03/2004-15
:06;68;05/03/2004-16:55;7;NO_PWD_EXPIRE ;
$$Jricha34;$$Jricha34;CN=$$Jricha34,CN=Users,DC=joe,DC=com;00/00/0000-00:00:00;0;03/26/2004-17:30:00;16;03/25/2004-18:42:12;46;00/00/0000-00:00:00;00/00/0000-00:00:00;03/25/2004-18
:42;46;04/10/2004-17:25;30;EXPIRED ;
NormalUser;NormalUser;CN=NormalUser,CN=Users,DC=joe,DC=com;00/00/0000-00:00:00;0;00/00/0000-00:00:00;0;03/28/2004-20:26:00;43;00/00/0000-00:00:00;00/00/0000-00:00:00;03/28/2004-20:
26;43;04/10/2004-17:25;30;EXPIRED ;
joedoe;joedoe;CN=joedoe,CN=Users,DC=joe,DC=com;04/12/2004-14:36:22;0;04/12/2004-11:36:57;4;04/12/2004-11:35:14;29;00/00/0000-00:00:00;00/00/0000-00:00:00;04/12/2004-12:35;28;04/12/
2004-15:36;28;;
joetest;joetest;CN=joetest,CN=Users,DC=joe,DC=com;04/28/2004-23:43:39;3;04/28/2004-23:39:08;1;04/28/2004-23:38:53;12;00/00/0000-00:00:00;00/00/0000-00:00:00;04/29/2004-00:37;12;04/
29/2004-01:25;12;;

[Tue 05/11/2004 15:29:14.15]
F:\DEV\cpp\SecData>



Adfind output will look like


[Tue 05/11/2004 15:33:57.47]
F:\DEV\cpp\SecData>adfind -b cn=users,dc=joe,dc=com -tdc -f
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=*))" pwdLastSet

AdFind V01.15.00cpp Joe Richards ([email protected]) April 2004

Using server: 2k3dc01.joe.com

dn:CN=Administrator,CN=Users,DC=joe,DC=com
pwdLastSet: 03/08/2004-16:26:23
dn:CN=Guest,CN=Users,DC=joe,DC=com
pwdLastSet: 00/00/0000-00:00:00
dn:CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com
pwdLastSet: 03/08/2004-21:39:49
dn:CN=krbtgt,CN=Users,DC=joe,DC=com
pwdLastSet: 03/09/2004-00:25:07
dn:CN=$jricha34,CN=Users,DC=joe,DC=com
pwdLastSet: 03/09/2004-02:56:24
dn:CN=$$Jricha34,CN=Users,DC=joe,DC=com
pwdLastSet: 03/25/2004-18:42:12
dn:CN=NormalUser,CN=Users,DC=joe,DC=com
pwdLastSet: 03/28/2004-20:26:00
dn:CN=joedoe,CN=Users,DC=joe,DC=com
pwdLastSet: 04/12/2004-11:35:14
dn:CN=joetest,CN=Users,DC=joe,DC=com
pwdLastSet: 04/28/2004-23:38:53


9 Objects returned

[Tue 05/11/2004 15:34:12.37]
F:\DEV\cpp\SecData>
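
An added example, not part of the original posts and not joeware code: a Python sketch of the script the question asks for, reading adfind output in the `dn:` / `pwdLastSet:` layout shown above and listing accounts whose password is older than a threshold. The function names and the 30-day threshold are assumptions, the sample text is constructed from the output format above, and timestamps are compared as naive local times.

```python
from datetime import datetime, timedelta

# Constructed sample in the layout of the adfind -tdc output shown above.
SAMPLE = """\
dn:CN=Administrator,CN=Users,DC=joe,DC=com
pwdLastSet: 03/08/2004-16:26:23
dn:CN=Guest,CN=Users,DC=joe,DC=com
pwdLastSet: 00/00/0000-00:00:00
dn:CN=joetest,CN=Users,DC=joe,DC=com
pwdLastSet: 04/28/2004-23:38:53
"""


def parse_adfind(text):
    """Yield (dn, pwd_last_set); pwd_last_set is None for the all-zero time."""
    dn = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith("pwdLastSet:") and dn is not None:
            raw = line.split(":", 1)[1].strip()
            if raw.startswith("00/00/0000"):
                # pwdLastSet of 0: never set, or must change at next logon.
                yield dn, None
            else:
                yield dn, datetime.strptime(raw, "%m/%d/%Y-%H:%M:%S")
            dn = None


def stale_accounts(text, now, max_age_days):
    """Return [(dn, age_in_days or None)] for accounts that need review."""
    limit = timedelta(days=max_age_days)
    flagged = []
    for dn, when in parse_adfind(text):
        if when is None:
            flagged.append((dn, None))
        elif now - when > limit:
            flagged.append((dn, (now - when).days))
    return flagged


if __name__ == "__main__":
    # 30 days is an assumed policy value; use the domain's real maximum age.
    for dn, age in stale_accounts(SAMPLE, datetime(2004, 5, 11, 15, 34), 30):
        print(dn, "never set" if age is None else f"{age} days")
```

The 63-day age computed for Administrator agrees with the PwdAge column in the secdata output above; the flagged list can then be fed to whatever mail step the site uses.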
 