Поиск живых (активных) пользователей домена

Хотел вывести список доменных пользователей пользователей, которые реально работают. Есть сохраненный запрос (Saved Querie) со списком невыключенных пользователей:

 

(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(objectCategory=user)(objectClass=user)(userPrincipalName=*))(!userAccountControl=66050))

Но что-то у меня не выходит добавить то, что дата входа позже определенной:

(lastlogontimestamp=131026793166645074)

 

Атрибут 131026793166645074 это дата и время 17.03.2016 12:08:36

Перевод этого числа в дату/время:

cmd -> w32tm /ntte 131026793166645074

 

Причем запрос через DSQUERY работает в командной строке, но через сохранённые запросы ничего не выдает:

dsquery * -filter "(&(objectCategory=Person)(objectClass=User)(lastlo

 

gontimestamp>=131026793166645074))" -attr sAMAccountName -limit 0

 

Есть аналог для ПК:

dsquery * -filter "(&(objectCategory=computer)(objectClass=computer)(lastlogon>=131026793166645074))" -attr sAMAccountName -limit 0

 

Ураа!!! Получился работающий запрос:

(&(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(objectCategory=user)(objectClass=user)(userPrincipalName=*))(!userAccountControl=66050)(&(lastlogontimestamp>=131026793166645074)))))

 

Но его каждый раз надо править.. Как-то надо отвязаться от конкретной даты/времени.

 

Много полезных Сохранённых Запросов (отсюда):

Find Groups that contains the word admin
(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in description field
(objectcategory=person)(description=*admin*)

Find all Universal Groups
(groupType:1.2.840.113556.1.4.803:=8)

Empty Groups with No Members
(objectCategory=group)(!member=*)

Finds all groups defined as a Global Group, a Domain Local Group, or a Universal Group
(groupType:1.2.840.113556.1.4.804:=14)

Find all User with the name Bob
(objectcategory=person)(samaccountname=*Bob*)

Find user accounts with passwords set to never expire
(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that never log in to domain
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Find user accounts with no log on script
(objectcategory=person)(!scriptPath=*)

Find user accounts with no profile path
(objectcategory=person)(!profilepath=*)

Finds non disabled accounts that must change their password at next logon
(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all disabled accounts in active directory
(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Finds all locked out accounts
(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)

Finds Domain Local Groups
(groupType:1.2.840.113556.1.4.803:=4)

Finds all Users with Email Address set
(objectcategory=person)(mail=*)

Finds all Users with no Email Address
(objectcategory=person)(!mail=*)

Find all Users, Groups or Contacts where Company or Description is Contractors
(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=North*)(company=Contractors*))

Find all Users with Mobile numbers 712 or 155
(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all Users with Dial-In permissions
(objectCategory=user)(msNPAllowDialin=TRUE)

Find All printers with Color printing capability
Note: server name must be changed
(&(&(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))))

Find Users Mailboxes Overriding Exchange Size Limit Policies
(&(&(&objectCategory=user)(mDBUseDefaults=FALSE)))

Find all Users that need to change password on next login.
(&(objectCategory=user)(pwdLastSet=0))

Find all Users that are almost Locked-Out
Notice the “>=” that means “Greater than or equal to”.
(objectCategory=user)(badPwdCount>=2)

Find all Computers that do not have a Description
(objectCategory=computer)(!description=*)

Find all users with Hidden Mailboxes
(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

Find all Windows XP SP2 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))

Find all Windows XP SP3 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

Find all Vista SP1 computers
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

Find All Workstations
(sAMAccountType=805306369)

Find all 2003 Servers Non-DCs
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

Find all 2003 Servers – DCs
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

Find all Server 2008
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))

Оставить комментарий

Комментарии: 0