Script for Inactive users after there creation.

Hi All,

I have got a requirement from Security team, to find the users who are created but not logged in 90 days in Active Directory after their creation date. There lastlogon stamp should be null (I guess).

I was able to prepare a script, Its not providing the proper output. Can you please help

===================================================================

Option Explicit

Const ADS_SCOPE_SUBTREE = 8 'How far down the tree you want to search
Const ForAppending = 8

Dim objRootDSE, objNewOU, objMoveUser, objOldOU, objFSO
Dim objConnection, objCommand, objRecordSet, strDeleteDays, strDatetxt, ObjDC
Dim UserDN, ObjUser, strDNSDomain, strQuery, strOldOU, objArgs, ADS_UF_ACCOUNTDISABLE
Dim objLogon, strWeeks, strDays, intLogonTime, objFromOU, objToOU, strDeleteQuery
Dim intLLTS, intReqCompare, ADVersion, intUAC, Uglyinfo, MoreUgly, intReqDeleteCompare, objTextFile

ADVersion = "2003"
'ADVersion = "2000"

' Gather the information from the arguments in the commandline.
strDays = 90
strDeleteDays = 180
strDatetxt = "E:\Files\ADScripts\APuserremove.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (strDatetxt, ForAppending, True)
Set objArgs = WScript.Arguments
objFromOU = WScript.Arguments(0) & ",dc=xxx,dc=abc,dc=com"  'What Domain and OU are you pulling from
objToOU = WScript.Arguments(1) & ",dc=xxx,dc=abc,dc=com"  'Where is your Retired OU.
objDC = WScript.Arguments(2)
Set objNewOU = GetObject("LDAP://" & objToOU)

' Use ADO to search Active Directory for all Users
Set objConnection      = CreateObject("ADODB.Connection")
Set objCommand         = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'-------------------- Begin Move Section -------------------------------
On Error Resume Next
strQuery = "SELECT distinguishedName FROM 'LDAP://" & objDC & "/" & objFromOU & "' WHERE objectCategory = 'User'"
'strQuery = "SELECT distinguishedName,lastlogontimestamp FROM 'LDAP://" & objFromOU & "' WHERE objectCategory = 'User'"
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute
objTextFile.WriteLine("90 day inactive users disabled from   " & objFromOU)
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
   UserDN = objRecordSet.Fields("distinguishedName").Value
   Set ObjUser = GetObject("LDAP://" & UserDN)
   ' Begin calculation
   If ADVersion = "2003" Then
      Set objLogon = ObjUser.Get("lastlogonTimeStamp")
   Else
      set objLogon = ObjUser.Get("lastLogon")
   End If
   intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
   intLogonTime = intLogonTime / (60 * 10000000)
   intLogonTime = intLogonTime / 1440
   intLLTS = intLogonTime + #1/1/1601#
   intReqCompare = Now - strDays
   If intLLTS < intReqCompare Then
        Uglyinfo = ObjUser.cn
        MoreUgly = ObjUser.distinguishedName
        objTextFile.WriteLine(ObjUser.distinguishedName & " last logged on at " & intLLTS)
  intUAC = ObjUser.Get("userAccountControl")
  ObjUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
  ObjUser.AccountDisabled = True
  ObjUser.SetInfo
'  Set objMoveUser = objNewOU.MoveHere ("LDAP://" & MoreUgly, "cn=" & Uglyinfo)
   End If

   objRecordSet.MoveNext
Loop
objTextFile.WriteLine
'-------------------- End Move Section -------------------------------

Thanks HA