useracc-report

Use this command to list all users and their Active Directory account control values. The command line arguments are as follows:

Label Required/Optional Description

-domain

required

Domain name

-m

optional

Bind using the ADEdit host machine’s credentials (see bind)

Note: If you use -m you do not need to enter -u

-u

optional

Administrator’s account name.

-p

optional

Administrator’s account password.

Note: If you do not enter the password in the command line you will be prompted to enter it.

-sep

optional

Separator used between data. Default is |

 
#!/bin/env adedit
# This script lists all the users and their Active Directory account control values
package require ade_lib
# List users and the following field
proc usage {msg} {
              puts {usage: -domain <domain> [-m] [-u <user>] [-p <password>] [-sep csv | tab | <char>]}
              puts $msg
              exit 1
}
if {[getopt argv -domain domain] == 0} {
              usage "Missing domain"
}
set verbose 0
if {[getopt argv -v]} {
              set verbose 1
}
set sep "|"
getopt argv -sep sep
if {$sep == "csv"} {set sep ","}
if {$sep == "tab"} {set sep "\t"}
if {[getopt argv -m]} {
              bind -machine $domain 
} else { 
   if {[getopt argv -u user]} {
      if {[getopt argv -p password]} {
              bind $domain $user $password
       } else {
        bind $domain $user} 
              } else {
    bind $domain
  }
}
cache on
proc my_convert_msdate {msdate} {
    if {$msdate==9223372036854775807} {
        return -1
    }
    return [clock format [expr ($msdate/10000000)-11644473600] -format "%m/%d/%y %H:%M:%S"]
}
proc nice_date {date} {
 if {$date == ""} {return $date}
 if {$date == 0} {return ""}
 set ret [my_convert_msdate $date]
 if {$ret == -1} {return ""}
 return $ret;
}
set users [get_objects -depth sub [dn_from_domain $domain] "(objectcategory=Person)"]
foreach user $users {
              select_object $user
              set uac [get_object_field userAccountControl]
              if {$uac == ""} {continue}
              # gof is get_object_field
              eval "set name [gof cn]"
              #puts [gof dn]
              set sam [gof sAMAccountName]
              set exp [nice_date [gof accountExpires] ]
              set locked [nice_date [gof lockoutTime] ]
              set lastlogon [nice_date [gof lastLogon] ]
              set enabled [expr $uac&amp;0x2 ]
              set enabstr "False"
              if {$enabled} {set enabstr "True"}
              puts $name$sep$sam$sep$exp$sep$locked$sep$lastlogon$sep$enabstr
}