cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Azkor
Engaged Sweeper II
Hi, I am looking for a way to check if AD accounts have expired or not been logged into in the last 120 days. I looked through the reports subforum and didnt see anything like I am looking for. Is there a reporting feature in Lansweeper that I can use for this?
1 ACCEPTED SOLUTION
Daniel_B
Lansweeper Alumni
If an AD account is expired won't be tracked in your database. You need to check this on your Active Directory, possibly using a script. What you can pull a report of is AD user accounts which haven't been scanned as logged on to any computer during the last 120 days. Please find an example report below.

Note: In order to report on AD user accounts, ensure that you submitted the ADSI path of your users' OU for scanning under Configuration\Scanning methods, section Domain User Scanning. Details on how to use this scanning methods can be found in this article.


Select tblADusers.Displayname,
tblADusers.Username,
tblADusers.whenCreated
From tblADusers
Where Not Exists(Select tblCPlogoninfo.Username,
tblCPlogoninfo.Domain From tblCPlogoninfo
Where tblCPlogoninfo.Username = tblADusers.Username And
tblCPlogoninfo.Domain = tblADusers.Userdomain And tblCPlogoninfo.logontime >
GetDate() - 120)
Order By tblADusers.Username

View solution in original post

3 REPLIES 3
TheITGuy
Engaged Sweeper III
Use ADTIDY instead.

http://www.cjwdev.com/Software/ADTidy/Info.html
cnielsen
Engaged Sweeper II
Can this be modified to not show accounts already disabled? Also add an output to show the timestamp when it was last logged onto?
Daniel_B
Lansweeper Alumni
If an AD account is expired won't be tracked in your database. You need to check this on your Active Directory, possibly using a script. What you can pull a report of is AD user accounts which haven't been scanned as logged on to any computer during the last 120 days. Please find an example report below.

Note: In order to report on AD user accounts, ensure that you submitted the ADSI path of your users' OU for scanning under Configuration\Scanning methods, section Domain User Scanning. Details on how to use this scanning methods can be found in this article.


Select tblADusers.Displayname,
tblADusers.Username,
tblADusers.whenCreated
From tblADusers
Where Not Exists(Select tblCPlogoninfo.Username,
tblCPlogoninfo.Domain From tblCPlogoninfo
Where tblCPlogoninfo.Username = tblADusers.Username And
tblCPlogoninfo.Domain = tblADusers.Userdomain And tblCPlogoninfo.logontime >
GetDate() - 120)
Order By tblADusers.Username