در توسینسو تدریس کنید

و

با دانش خود درآمد کسب کنید

How to detect inactive users and computers in active directory?

Hello friends; This is my first English article in microsoft network services island in tosinso website and I hope you will enjoy it (Excuse me because of my weak English writing skills). Since 2005 till now I have been working for many enterprise companies and organizations that has been used active directory for their primary directory service, one of the most important mistakes that network administrators make when managing their active directory network service is that they do not pay attention to the creation and deletion of user and computer accounts.

After months and even years, we see that we have many computer and network accounts that are not used in the network. This is actually a security concern, a malicious user or a hacker can use this inactive users and computer accounts to attack the network or create a security breach. Today I want to show you some useful active directory LDAP query samples to detect these kind of inactive objects and do something about it. so let’s see what we have here:

First example: Detecting inactive users for a month

C:\> dsquery user -inactive 4

Description for first example: You have open command prompt to enter the command. dsquery is my favorite command to query active directory, the user portion defines the type of object that we want to query, -inactive section defines the parameter that we are looking for and finally the number at te last defines the number of weeks !! yes the number 4 means 4 weeks therefore it means find and show me the inactive users that did not login within the last 30 days.

Second example: Detect inactive users for a month and disable all of them

C:\> dsquery user -inactive 4 | dsmod user -disabled yes 

Description for second example: The first part of the command is exactly the same as the first example

but remember that we can export the output of the commands with pipe character and import them to the next command input, so as you can see we have found the inactive users from the first part and imported the results into dsmod command that can modify active directory object attributes. Then we set the –disabled parameter to yes !! it means disable all inactive users that are not active for a month.

Third example: Detect inactive computers for a month and disable all of them

C:\> dsquery computer -inactive 4 | dsmod computer -disabled yes 

Description for third example: Guess what !! we just replaced the user part!

Fourth example: Detect inactive computers for a month and copy the list

C:\> dsquery computer -inactive 4 | clip

Description for fourth example: the first part is really simple! The second part means copy the output

results of the first command into the clipboard memory so you can paste them into other applications like excel or word or ...

I hope it will help you to cleanup your active directory.

Best Regards Mohammad Nasiri

TOSINSO Microsoft Network Services Island

All Rights Reserved

2 نظر
faraghat

thank you so much with one much :D

thats great

نظر شما
برای ارسال نظر باید وارد شوید.
از سرتاسر توسینسو
تنظیمات حریم خصوصی
تائید صرفنظر
×

تو می تونی بهترین نتیجه رو تضمینی با بهترین های ایران بدست بیاری ، پس مقایسه کن و بعد خرید کن : فقط توی جشنواره پاییزه می تونی امروز ارزونتر از فردا خرید کنی ....