1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
|
Option Explicit
' Global Constants
Const FILE_NAME = "LastLogon.csv"
'
' Subroutines
'
Sub GetLastLogon(objDomainController)
Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_ACCOUNTDISABLE = &H2
Dim objConnection, objCommand, objRecordSet, objRootDSE, objLastLogon
Dim strDCName, strUsername, strDN, strDisplayName
Dim intUAC, intLogonTime
Dim dtmLastLogon
strDCName = Mid(objDomainController.Name, 4, Len(objDomainController.Name))
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
WScript.Echo "Querying: " & strDCName
Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT sAMAccountName, lastLogon, distinguishedName, userAccountControl, " &_
"displayName FROM 'LDAP://" & strDCName & "/" & objRootDSE.Get("defaultNamingContext") & "' " &_
"WHERE objectClass='user' AND objectCategory='person'"
Set objRootDSE = Nothing
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
strUsername = objRecordSet.Fields("sAMAccountName")
strDN = objRecordSet.Fields("distinguishedName")
intUAC = objRecordSet.Fields("userAccountControl")
On Error Resume Next
strDisplayName = "" : strDisplayName = objRecordSet.Fields("displayName")
On Error Goto 0
If intUAC And ADS_UF_ACCOUNTDISABLE Then
strAccountState = "Disabled"
Else
strAccountState = "Enabled"
End If
On Error Resume Next
objLastLogon = objRecordSet.Fields("lastLogon")
intLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
intLogonTime = intLogonTime / 600000000
intLogonTime = intLogonTime / 1440
dtmLastLogon = intLogonTime + #01/01/1601#
Set objLastLogon = Nothing
On Error Goto 0
If dtmLastLogon <> #01/01/1601# Then
If objUsers.Exists(strUsername ) Then
If dtmLastLogon > objUsers(strUsername)(0) Then
objUsers.Remove(strUsername)
objUsers.Add strUsername, Array(dtmLastLogon, _
strAccountState, strDN, strDisplayName)
End If
Else
objUsers.Add strUsername, Array(dtmLastLogon, _
strAccountState, strDN, strDisplayName)
End If
End If
objRecordSet.MoveNext
WEnd
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
End sub
'
' Main Code
'
Dim objRootDSE, objUsers, objDomainControllers, objDomainController, objFileSystem, objFile
Dim strUsername, strAccountState, strDN, strDisplayName
Dim dtmLastLogon, dtmRuntime
dtmRunTime = Now
Set objRootDSE = GetObject("LDAP://RootDSE")
Set objUsers = CreateObject("Scripting.Dictionary")
' Get the DC List
Set objDomainControllers = GetObject("LDAP://OU=Domain Controllers," &_
objRootDSE.Get("defaultNamingContext"))
objDomainControllers.Filter = Array("computer")
For Each objDomainController in objDomainControllers
GetLastLogon objDomainController
Next
Set objDomainControllers = Nothing
Set objRootDSE = Nothing
' Reporting
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile(FILE_NAME, True, False)
For Each strUsername In objUsers
dtmLastLogon = objUsers(strUsername)(0)
strAccountState = objUsers(strUsername)(1)
strDN = objUsers(strUsername)(2)
strDisplayName = objUsers(strUsername)(3)
objFile.WriteLine """" & strDisplayName & """,""" & strAccountState & """,""" &_
dtmLastLogon & """,""" & strUsername & """,""" & strDN & """"
Next
WScript.Echo "Run Time: " & DateDiff("s", dtmRunTime, Now) & " Seconds"
objFile.Close
Set objFileSystem = Nothing
Set objUsers = Nothing
|