| Author | Messages | |
AD000001365
Posts:0
 | | 08/29/2005 2:11 AM |
| Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| Alm@xxxx.yyy
| | 08/29/2005 3:21 AM |
| It's possible, but not absolute. Are you trying to automate user
management?
Can you give some more details about what you want and what you want to
do with the data? That might help to spur some better information.
Basically, you can use lastlogontimestamp (dsquery makes it pretty easy
if you want to use that) to find out about when the last time a user
logged on assuming they triggered an update to this. Some actions don't
trigger this update so a second data point is a useful thing to have to
narrow it down even more. pwdLastSet is a useful data point IIRC.
Al
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| bdesmond
Posts:416
| | 08/31/2005 3:42 AM |
| Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx
c - 312.731.3132
_____
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: Wednesday, August 31, 2005 7:52 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60 days
MOM would be a great tool to investigate for information collection and
trending reports based on that information.
You could automate it by counting the users in the same manner I described,
and then iterating through what's left discounting the service accounts if
you wanted.
You could also use the dsquery tools to do this because it's likely you
don't need precision in this case but rather a rough estimate. Using
dsquery you can get the information pretty quickly and then you just need to
count the objects it returns.
Al
_____
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Cothern Jeff D. Team
EITC
Sent: Wed 8/31/2005 7:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60 days
Unsure what the data is going to be used for. I just got the question of
how many users logged into the network in the last 60 days. If I can
have this in an automated way were they can pull up the infromation
easily it would be great. I think they are wanting it for metrics.
Jeff
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: Monday, August 29, 2005 11:23 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60
days
It's possible, but not absolute. Are you trying to automate user
management?
Can you give some more details about what you want and what you want to
do with the data? That might help to spur some better information.
Basically, you can use lastlogontimestamp (dsquery makes it pretty easy
if you want to use that) to find out about when the last time a user
logged on assuming they triggered an update to this. Some actions don't
trigger this update so a second data point is a useful thing to have to
narrow it down even more. pwdLastSet is a useful data point IIRC.
Al
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> | | | |
| AD000001365
Posts:0
| | 08/31/2005 11:36 AM |
| Unsure what the data is going to be used for. I just got the question of
how many users logged into the network in the last 60 days. If I can
have this in an automated way were they can pull up the infromation
easily it would be great. I think they are wanting it for metrics.
Jeff
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: Monday, August 29, 2005 11:23 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60
days
It's possible, but not absolute. Are you trying to automate user
management?
Can you give some more details about what you want and what you want to
do with the data? That might help to spur some better information.
Basically, you can use lastlogontimestamp (dsquery makes it pretty easy
if you want to use that) to find out about when the last time a user
logged on assuming they triggered an update to this. Some actions don't
trigger this update so a second data point is a useful thing to have to
narrow it down even more. pwdLastSet is a useful data point IIRC.
Al
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| Alm@xxxx.yyy
| | 08/31/2005 11:53 AM |
| ________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Cothern Jeff D. Team EITC
Sent: Wed 8/31/2005 7:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60 days
Unsure what the data is going to be used for. I just got the question of
how many users logged into the network in the last 60 days. If I can
have this in an automated way were they can pull up the infromation
easily it would be great. I think they are wanting it for metrics.
Jeff
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: Monday, August 29, 2005 11:23 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60
days
It's possible, but not absolute. Are you trying to automate user
management?
Can you give some more details about what you want and what you want to
do with the data? That might help to spur some better information.
Basically, you can use lastlogontimestamp (dsquery makes it pretty easy
if you want to use that) to find out about when the last time a user
logged on assuming they triggered an update to this. Some actions don't
trigger this update so a second data point is a useful thing to have to
narrow it down even more. pwdLastSet is a useful data point IIRC.
Al
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> | | | |
| MThommes
Posts:79
| | 08/31/2005 12:01 PM |
| How about joe's oldcmp tool (http://www.joeware.net/win/free/tools/oldcmp.htm)?
"The tool will work with a Windows 2000 AD as well as a Windows 2003 AD. It can key off the pwdLastSet attribute or in a Windows 2003 Domain Functional Domain on lastLogonTimestamp. This means you are going after IDs that have not had their password reset in x days or you can go after accounts that haven't logged on x days where by default x, is 90 days."
Mike Thommes
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Cothern Jeff D. Team EITC
Sent: Wed 8/31/2005 6:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60 days
Unsure what the data is going to be used for. I just got the question of
how many users logged into the network in the last 60 days. If I can
have this in an automated way were they can pull up the infromation
easily it would be great. I think they are wanting it for metrics.
Jeff
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Al Mulnick
Sent: Monday, August 29, 2005 11:23 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] determine number of users logged on last 60
days
It's possible, but not absolute. Are you trying to automate user
management?
Can you give some more details about what you want and what you want to
do with the data? That might help to spur some better information.
Basically, you can use lastlogontimestamp (dsquery makes it pretty easy
if you want to use that) to find out about when the last time a user
logged on assuming they triggered an update to this. Some actions don't
trigger this update so a second data point is a useful thing to have to
narrow it down even more. pwdLastSet is a useful data point IIRC.
Al
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:497
| | 08/31/2005 12:16 PM |
| Strictly speaking, no there isn't a query that will return this. You would
need to script it as it will be a process to follow. You can't filter by OU
in a query unless you have another field populated in the objects that has
that OU specified so you can specify it in the filter or alternatively some
other field that marks an account as a service account (which IMO, everyone
should have).
Now the additional questions that need to be asked are....
Do you want the number of unique users (non-service) who have been
authenticated at least once in the last 60 days? i.e. You have 28,000
non-service account users, how many logged in in the last 60 days at least
once.
Do you want the number of times any users (non-service) have been
authenticated in the last 60 days? i.e. In the last month 20,000 users
logged in 20 times, 5000 logged in 15 times, 3000 logged in 26 times.
Do you want any kind of authentication (including runas, netuse /user,
kerberos renewels, non-kerberos auths to resources, etc) or just
authentications that are interactive logons?
Do you want just successful logons or do you want failed attempts as well?
Lots of different ways to dice this up and you need to know exactly what
kind of info is really needed to determine how to tackle the problem. The
original question may be, how busy are the DCs which gets translated to
"well dc's log people on so how many people logged on" then you give a
number of how many people logged on (say 26000 logged on) and they look up
somewhere that says if you have 26000 authentications spread over 2 months,
you only need one domain controller. I have seen such silly things in the
past. And to make it blatently obvious why that isn't valid, I have seen
pools of DCs that only have 40,000 users in the domain processing tens or
hundreds of millions of authentication requests a day. Hundreds of millions
of requests versus maybe 30,000 people logging on in a day is quite a delta
as a capacity question.
Possibly solutions are lastLogonTimeStamp values, collected lastLogon
values, event log entries if you are auditing the proper things. Going
forward tools that run during logon scripts, etc. All of these have
limitations though and it is unlikely that you will ever get the "true"
value regardless of the value you are looking for. But depending on what you
need there are varying levels of "nearness" you can get to the true value.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Monday, August 29, 2005 10:11 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] determine number of users logged on last 60 days
Is there query I could run that would tell me the number of users -minus
service accounts (guess filter by OU) that have logged on in the last 60
days.
Jeff Cothern
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|