..Expired User on Active Directory..

This blog is finally back to life, but this time it is not coming back because of #pilpres2014, okay! Note that! #eaaa. It is just because I am rather forgetful about the things I really need to remember 😀.

Moving to a new division has taught me a lot. At the very least I try to find out what I don't know or understand. It started when a user asked me for a list of expired users so their logins in Active Directory could be extended. I was sure there was a way to pull that data, so in the end I went at it armed with know-it-all bluffing, some trial-and-error googling, and enlightenment from Adit (it's okay to help out even though we're at different companies, right?). Since none of his users have an expiry date set in Active Directory, he just threw all the links at me.

Armed with courage (there's a thin line between that and being a know-it-all) and while reading through the manual on downloading reports, I finally got a script that at least comes somewhat close:

dsquery user -limit 0 | dsget user -samid -acctexpires > expusr.csv

Syntax:

dsget user <UserDN> [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln] [-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile] [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile] [-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]]
dsget user <UserDN> [-memberof] [-expand][{-uc | -uco | -uci}]

 

Parameters:

Parameter    Description
<UserDN> (first variation) Required. Displays the distinguished names of the user objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare this parameter with UserDN in the second variation.
-dn Displays the distinguished names of the users.
-samid Displays the Security Account Manager (SAM) account names of the users.
-sid Displays the user security identifiers (SIDs).
-upn Displays the user principal names (UPNs) of the users.
-fn Displays the first names of the users.
-mi Displays the middle initials of the users.
-ln Displays the last names of the users.
-display Displays the display names of the users.
-empid Displays the employee IDs of the users.
-desc Displays the descriptions of the users.
-full Displays the full names of the users.
-office Displays the office locations of the users.
-tel Displays the telephone numbers of the users.
-email Displays the e-mail addresses of the users.
-hometel Displays the home telephone numbers of the users.
-pager Displays the pager numbers of the users.
-mobile Displays the mobile phone numbers of the users.
-fax Displays the fax numbers of the users.
-iptel Displays the user IP phone numbers.
-webpg Displays the user Web page URLs.
-title Displays the titles of the users.
-dept Displays the departments of the users.
-company Displays the company information of the users.
-mgr Displays the managers of the users.
-hmdir Displays the drive letter to which the home directory of the user is mapped if the home directory path is a UNC path.
-hmdrv Displays the user’s home drive letter if home directory is a UNC path.
-profile Displays the user profile paths.
-loscr Displays the user logon script paths.
-mustchpwd Displays whether users must change their passwords at the time of next logon (yes) or not (no).
-canchpwd Displays whether users can change their password (yes) or not (no).
-pwdneverexpires Displays whether the user passwords never expire (yes) or not (no).
-disabled Displays whether user accounts are disabled for logon (yes) or not (no).
-acctexpires Displays the dates when user accounts expire. If the accounts never expire, this command returns never.
-reversiblepwd Displays whether the user passwords are allowed to be stored using reversible encryption (yes) or not (no).
<UserDN> (second variation) Required. Displays the distinguished name of the user whose group membership you want to view.
-memberof Displays the immediate list of groups of which the user is a member.
-expand Displays the recursively expanded list of groups of which the user is a member. This option takes the immediate group membership list of the user, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
{-uc| -uco| -uci} Specifies that dsget formats output or input data in Unicode. The following list explains each format.

  • -uc: Specifies a Unicode format for input from or output to a pipe (|).
  • -uco: Specifies a Unicode format for output to a pipe (|) or a file.
  • -uci: Specifies a Unicode format for input from a pipe (|) or a file.
-part <PartitionDN> Connects a computer to the directory partition with the distinguished name of PartitionDN.
-qlimit Displays the effective quota of the user within the directory partition that you specify with the -part parameter.
-qused Displays how much of the quota the user has used within the directory partition that you specify with the -part parameter.
/? Displays help at the command prompt.
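
The dsquery | dsget command above dumps every user, including those whose -acctexpires value is "never", so the file still has to be filtered down to the accounts that actually need renewal. The following Python sketch is an added example, not part of the original post: it parses the report and separates accounts that have already expired from those expiring soon. The sample data, the column layout, the status line and the US-style date format are assumptions; pass the date_format that matches the host's locale.

```python
from datetime import date, datetime, timedelta

# Constructed sample of expusr.csv. Assumed layout: header row, aligned
# columns, trailing status line; dates in the host locale (US style here).
SAMPLE = """\
  samid              acctexpires
  budi               never
  siti.rahma         06/30/2014
  svc backup         07/20/2014
  andi               12/31/2014
dsget succeeded
"""

def parse_report(text, date_format="%m/%d/%Y"):
    """Return [(samid, expiry date or None for 'never')] from the report."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and the status line (assumed to start with the tool name).
        if not line or line.lower().startswith("dsget "):
            continue
        parts = line.rsplit(None, 1)  # split from the right: samid may contain spaces
        if len(parts) != 2 or parts == ["samid", "acctexpires"]:
            continue
        samid, raw = parts[0].strip(), parts[1]
        if raw.lower() == "never":
            rows.append((samid, None))
            continue
        try:
            rows.append((samid, datetime.strptime(raw, date_format).date()))
        except ValueError:
            # Fail loudly: a locale mismatch must not silently drop accounts.
            raise ValueError(f"unrecognised expiry {raw!r} for {samid!r}") from None
    return rows

def classify(text, today, warn_days=30, date_format="%m/%d/%Y"):
    """Split accounts into already expired and expiring within warn_days."""
    limit = today + timedelta(days=warn_days)
    dated = sorted((d, s) for s, d in parse_report(text, date_format) if d)
    return {
        # An expiry date on or before today is treated as expired.
        "expired": [(s, d) for d, s in dated if d <= today],
        "expiring": [(s, d) for d, s in dated if today < d <= limit],
    }

if __name__ == "__main__":
    for status, rows in classify(SAMPLE, date(2014, 7, 9)).items():
        for samid, expiry in rows:
            print(f"{status:9} {samid:15} {expiry.isoformat()}")
```

Accounts reported as "never" are parsed but excluded from both lists; reviewing them separately is worthwhile where policy requires an expiry date on contractor or temporary accounts.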

Source :
