Here is an old script I wrote for doing just that. It's not the cleanest
code, but I haven't bothered to change it because it works.
#############################################
############################################################################
#
##### GetUsers_LastLogon.pl -- Gets a list of Domain Users
#####
##### and outputs the result to a .csv file
#####
##### by Tim Johnson with thanks to [EMAIL PROTECTED]
#####
##### version 1.0.061801
#####
############################################################################
#
print "\n\n\nThis script will retrieve the last logon time of all domain
users.\n\n\n";
use Win32;
use Win32::NetAdmin;
use Win32API::Net;
$domain = Win32::DomainName();
##### Prepare output file
open(OUTFILE,">LastLogon_$domain.csv");
##### Print headers
print OUTFILE "USER,";
print OUTFILE "PRIVILEGE,";
print OUTFILE "LAST LOGON,";
print OUTFILE "ACCOUNT STATUS\n";
##### Declare modules and retrieve user list
Win32::NetAdmin::GetDomainController("",$domain,$anydc);
Win32::NetAdmin::GetUsers($anydc,"",[EMAIL PROTECTED]);
@sort_users = sort @users; ##Sort result
##### Find Domain Controllers
print "Searching for Domain Controllers ";
$spin = 1;
print "-";
foreach $user(@sort_users){
if($user =~ /\$$/){ #eliminating user accounts
#SPINNER
print "\b";
if($spin/1 == 1){ #creating spinner
print "\\";
$spin++;
}elsif($spin/2 == 1){
print "\|";
$spin++;
}elsif($spin/3 == 1){
print "\/";
$spin++;
}elsif($spin/4 == 1){
print "-";
$spin = 1;
}
#END SPINNER
Win32API::Net::UserGetInfo($anydc,$user,3,\%user);
if($user{flags} & UF_SERVER_TRUST_ACCOUNT()){
chop $user; #removing '$' from the end of the
name
push @dc,$user;
$user = "$user"."\$"; #adding '$' back so the
accounts won't reappear as users
}
}
}
print "\b\b";
print "\n\n";
##### Use Domain Controllers from above and check each one for the latest
logon time
print "Checking Domain Controllers for logon times ";
foreach $user(@sort_users){
if(!($user =~ /\$$/)){ #eliminating workstation accounts
push @domainusers,$user;
}
}
$spin = 1;
print "-";
foreach $user(@domainusers){ ##Code from here to end of script iterates once
for each user
#SPINNER
print "\b";
if($spin/1 == 1){
print "\\";
$spin++;
}elsif($spin/2 == 1){
print "\|";
$spin++;
}elsif($spin/3 == 1){
print "\/";
$spin++;
}elsif($spin/4 == 1){
print "-";
$spin = 1;
}
#END SPINNER
foreach $dc(@dc){
Win32API::Net::UserGetInfo($dc,$user,3,\%user);
$attrib[0] = $user;
$attrib[1] = $user{priv};
$attrib[2] = $user{flags};
$logon{$dc} = $user{lastLogon};
}
##### Print processed data to file.
print OUTFILE "$attrib[0],";
##### Check Privilege level
if($attrib[1]==USER_PRIV_USER){
print OUTFILE "USER,";
}elsif($attrib[1]==USER_PRIV_ADMIN){
print OUTFILE "ADMIN,";
}elsif($attrib[1]==USER_PRIV_GUEST){
print OUTFILE "GUEST,";
}
##### Calculate last logon
for($count=0,$lastlogon=1;$dc[$count];$count++){
if($logon{$dc[$count]} > $lastlogon){
$lastlogon = $logon{$dc[$count]};
}
}
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($lastlogon);
if($year != 69){
print OUTFILE ($mon + 1)."-".$mday."-".($year + 1900);
}else{
print OUTFILE "n\/a";
}
print OUTFILE ",";
#### Calculate flags
$total=$user{flags};
if(($total - UF_DONT_EXPIRE_PASSWD) >= 0){
$total = $total - UF_DONT_EXPIRE_PASSWD;
print OUTFILE "NO PWD EXPIRE.";
}
if(($total - UF_SERVER_TRUST_ACCOUNT) >= 0){
$total = $total - UF_SERVER_TRUST_ACCOUNT;
}
if(($total - UF_WORKSTATION_TRUST_ACCOUNT) >= 0){
$total = $total - UF_WORKSTATION_TRUST_ACCOUNT;
}
if(($total - UF_INTERDOMAIN_TRUST_ACCOUNT) >= 0){
$total = $total - UF_INTERDOMAIN_TRUST_ACCOUNT;
}
if(($total - UF_NORMAL_ACCOUNT) >= 0){
$total = $total - UF_NORMAL_ACCOUNT;
}
if(($total - UF_TEMP_DUPLICATE_ACCOUNT) >= 0){
$total = $total - UF_TEMP_DUPLICATE_ACCOUNT;
}
if(($total - UF_PASSWD_CANT_CHANGE) >= 0){
$total = $total - UF_PASSWD_CANT_CHANGE;
}
if(($total - UF_PASSWD_NOTREQD) >= 0){
$total = $total - UF_PASSWD_NOTREQD;
}
if(($total - UF_LOCKOUT) >= 0){
print OUTFILE "LOCKED OUT.";
$total = $total - UF_LOCKOUT;
}
if(($total - UF_HOMEDIR_REQUIRED) >= 0){
$total = $total - UF_HOMEDIR_REQUIRED;
}
if(($total - UF_ACCOUNTDISABLE) >= 0){
print OUTFILE "DISABLED.";
$total = $total - UF_ACCOUNTDISABLE;
}
if (($total - UF_SCRIPT) >= 0){
$total = $total - UF_SCRIPT;
}
if($user{passwordExpired} == 1){
print OUTFILE "PWD EXPIRED.";
}
print OUTFILE "\n";
}
#####################################
-----Original Message-----
From: Rosenstein, Leon [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 11:22 AM
To: '[EMAIL PROTECTED]'; 'Leon'; 'Tillman, James';
'Robert-Jan Mora'
Cc: 'perl'; 'win32'; 'Yahoo Beginner Perl'
Subject: RE: Last Logon of ALL users in the domain
Is there way to have it query all domain controllers in the domain? I was
thinking of modifying it to run the script as a subroutine and use lanman or
netadmin to loop it through all the DC's. The problem is if you have more
then one DC you wont get accurate results. It needs to be run on each one.
I was thinking of having it run as a sub, hit each one, dump the info into a
text file and then use excel to clean it up. Does anyone know how to
implement that easily or think that is the best way to do it?
Thx,
Leon
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
