Inactive Accounts Saved Query

[esowash]

I have a Windows 2003 Active Directory, upgraded from 2000 and running
in 2003 Native mode.

Using the AD Users and Computers mmc, under Saved Queries, I create a
little query to return all accounts not logged onto for 30 days.

I never returns any results.

I can query my AD using several 3rd party applications, as well as
some custom vbscript-ing, and each returns the list of users which I
would thought met the critera for my query above. None of them have
the integration into AD that I want, namely, to be able to manipulate
the user accounts that the query returned, without having to open
another application and cross-reference.

What is the deal here?

 

[Paul Bergson [MVP-DS]]

Don't know. Have you hit refresh on the MMC query? Are you basing the
query at the root of the domain?

Export the query and post it

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[esowash]

I've refreshed it a couple of times, I've also recreated it directly
on my domain controllers, and still don't get any results.

The query is just for accounts older than 30 days, so the XML is
pretty boring...

<QUERY><NAME>Abandoned Accounts</NAME><DESCRIPTION>Accounts that have
not been logged onto for 30 days</DESCRIPTION><DN></
DN><FILTERLASTLOGON>30</FILTERLASTLOGON><LDAPQUERY>(&amp;
(objectCategory=person)(objectClass=user))</LDAPQUERY><ONELEVEL>FALSE</
ONELEVEL><COLUMNID>{EBA19F49-2F5A-423C-A517-56D3B2819746}</
COLUMNID><DSQUERYUIDATA>050000000c00000043006f006d006d006f006e00510075006500720079000000020000000308000000480061006e0064006c00650072000000100000005ee6238ac231d011891c00a024ab2dbb030500000046006f0072006d00000010000000cbe7168cc2172947a6698474d6712b81080000004400730051007500650072007900000002000000010900000056006900650077004d006f0064006500000004130000010d00000045006e00610062006c006500460069006c007400650072000000000000002a00000028006f0062006a00650063007400430061007400650067006f00720079003d0070006500720073006f006e00290028006f0062006a0065006300740043006c006100730073003d0075007300650072002900000005000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b00000000000000010f0000004e006f006e0045007800700050007700640043006800650063006b00000000000000010f0000004c006100730074004c006f0067006f006e0043006f006d0062006f000000010000001a00000028006f0062006a00650063007400430061007400650067006f00720079003d0063006f006d00700075007400650072002900000003000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b000000000000001700000028006f0062006a00650063007400430061007400650067006f00720079003d00670072006f00750070002900000002000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000</
DSQUERYUIDATA></QUERY>

 

[esowash]

And yes, the query is based at the root.

 

[Paul Bergson [MVP-DS]]

Part of the query wouldn't work until I redefined. See if you get better
results with this. Other than that it looks fine and I haven't seen an
issue with this before.

<QUERY>
<NAME>Abandoned Accounts</NAME>
<DESCRIPTION>Accounts that havenot been logged onto for 30
days</DESCRIPTION>
<DN />
<FILTERLASTLOGON>30</FILTERLASTLOGON>
<LDAPQUERY>(&(objectCategory=person)(objectClass=user))</LDAPQUERY>
<ONELEVEL>FALSE</ONELEVEL>
<COLUMNID>{EBA19F49-2F5A-423C-A517-56D3B2819746}</COLUMNID>
<DSQUERYUIDATA>050000000c00000043006f006d006d006f006e00510075006500720079000000020000000308000000480061006e0064006c00650072000000100000005ee6238ac231d011891c00a024ab2dbb030500000046006f0072006d00000010000000cbe7168cc2172947a6698474d6712b81080000004400730051007500650072007900000002000000010900000056006900650077004d006f0064006500000004130000010d00000045006e00610062006c006500460069006c007400650072000000000000002a00000028006f0062006a00650063007400430061007400650067006f00720079003d0070006500720073006f006e00290028006f0062006a0065006300740043006c006100730073003d0075007300650072002900000005000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b00000000000000010f0000004e006f006e0045007800700050007700640043006800650063006b00000000000000010f0000004c006100730074004c006f0067006f006e0043006f006d0062006f000000010000001a00000028006f0062006a00650063007400430061007400650067006f00720079003d0063006f006d00700075007400650072002900000003000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b000000000000001700000028006f0062006a00650063007400430061007400650067006f00720079003d00670072006f00750070002900000002000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000</DSQUERYUIDATA>
</QUERY>

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

news:[email protected]...

 

[esowash]

After some trial and errror (including that you have to remove all the
dashes that copy and paste puts in the DSQUERYUIDATA, for all of those
reading this after the fact) I see what you did there. It didn't work,
so I refined it a little more, setting the LDAPQUERY to just look at
objectclass=user.

It still didn't bring back any results.

<QUERY><NAME>Abandoned Accounts</NAME><DESCRIPTION>Accounts that have
not been logged onto for 30 days</DESCRIPTION><DN></
DN><FILTERLASTLOGON>30</FILTERLASTLOGON><LDAPQUERY>(objectClass=user)</
LDAPQUERY><ONELEVEL>FALSE</ONELEVEL><COLUMNID>{EBA19F49-2F5A-423C-
A517-56D3B2819746}</
COLUMNID><DSQUERYUIDATA>050000000c00000043006f006d006d006f006e00510075006500720079000000020000000308000000480061006e0064006c00650072000000100000005ee6238ac231d011891c00a024ab2dbb030500000046006f0072006d00000010000000cbe7168cc2172947a6698474d6712b81080000004400730051007500650072007900000002000000010900000056006900650077004d006f0064006500000004130000010d00000045006e00610062006c006500460069006c007400650072000000000000002a00000028006f0062006a00650063007400430061007400650067006f00720079003d0070006500720073006f006e00290028006f0062006a0065006300740043006c006100730073003d0075007300650072002900000005000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b00000000000000010f0000004e006f006e0045007800700050007700640043006800650063006b00000000000000010f0000004c006100730074004c006f0067006f006e0043006f006d0062006f000000010000001a00000028006f0062006a00650063007400430061007400650067006f00720079003d0063006f006d00700075007400650072002900000003000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000010d000000440069007300610062006c00650043006800650063006b000000000000001700000028006f0062006a00650063007400430061007400650067006f00720079003d00670072006f00750070002900000002000000010a0000004e0061006d00650043006f006d0062006f00000000000000010a000000440065007300630043006f006d0062006f00000000000000</
DSQUERYUIDATA></QUERY>

 

[Paul Bergson [MVP-DS]]

Sorry man everything else looks good. You running sp1?

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

news:[email protected]...

 

[esowash]

Yup - fully patched domain controllers and workstation. What a
PITA....

Thanks for your help - hopefully someone else who is having this
problem can chime in and offer some tidbit of valuable information
that I haven't. This AD was migrated from 2000, that's the only thing
I can think that may have some impact on the situation. Otherwise, the
query looks pretty simple, and should run.