Note: This is a topic brought over from DameWare Forums which has been closed. If you wish to engage in this discussion, just comment on this document.
Original Post
by blackpool6 on Fri Apr 08, 2011 8:36 am
I want to start using NT Utlities and the exporter here at work. I have a need to export the user account information on a quarterly basis. This is for SOX auditing purposes.
Overall I have no problems with the software, except one:
How do you export the accounts and show which accounts are disabled? I know this is some sort of shared attribute field but I am wondering if the exporter has a way to handle it?
Thank you.
Re: AD Disabled Accounts
by blackpool6 on Thu Apr 14, 2011 2:09 pm
No hints at all? I notice that if I explore the domain that it indicates which users are locked out and which ones are disabled.
Is there a way I can export that view?
Re: AD Disabled Accounts
by blackpool6 on Mon Apr 25, 2011 6:52 am
Tap Tap Tap
Is this thing on????
No one else needs or would use this? Is it posted somewhere else? I tried to search but found nothing.
I see Bryan constantly updating posts but nothing here.
Re: AD Disabled Accounts
by DawgBone on Tue Apr 26, 2011 4:22 pm
My experience with Exporter is pretty...well.....non-existent...buuuuutttttt
I just did one on my AD DC, and I used the standard properties... It tells me some good stuff
like...
<User>
<UserName>dividingbyzero</UserName>
<FullName>dividingbyzero</FullName>
<Comment/>
<UserComment/>
<HomeDir/>
<HomeDirDrive/>
<ScriptPath/>
<Profile/>
<LogonTo>\\*</LogonTo>
<LastLogon>9/12/2008 3:23:14 PM</LastLogon>
<LastLogoff>-1</LastLogoff>
<BadPwCount>0</BadPwCount>
<NumLogons>434</NumLogons>
<PwExpires>-1</PwExpires>
<PwExpired>No</PwExpired>
<NoExpirePwd>Yes</NoExpirePwd>
<Disabled>Yes</Disabled>
<LockedOut>No</LockedOut>
<NoPwRequired>No</NoPwRequired>
<UserCantChgPw>Yes</UserCantChgPw>
<RAS>No</RAS>
<RASCallback/>
<SetByCaller/>
<CallbackNo/>
<PwAgeInDays>1463</PwAgeInDays>
<PwLastChg>4/24/2007 2:25:34 PM</PwLastChg>
</User>
Re: AD Disabled Accounts
by blackpool6 on Tue Apr 26, 2011 8:48 pm
Thank you!!!
I used the standard properties instead of the AD export and I see all that I will ever need. Last logon, locked out, disabled, etc.
Perfect!!
Thanks Dawg Bone
Re: AD Disabled Accounts
by auley on Mon Jan 30, 2012 2:28 am
I haven't seen or noticed such behavior, it might be some scripts set in the background to do this based on the criteria.It can be the behavior of script cell phone spy software to disable and enable the account
Re: AD Disabled Accounts
by Lisa098 on Fri Feb 03, 2012 2:02 am
You can use any valid LDAP filter. Other option is to select an unused attribute and stamp them with “DoNotSync” value and exclude them based on this attribute value.
Usually AdminDisplayName and AdminDescription attributes are not in use.