Regardless of whether you have a Windows 2000 Active Directory domain or a Windows NT 4.0 domain, the scripts on this page will
allow you to generate various user property reports, even if you have minimal scripting skills.
NOTE: The scripts MUST be run on a Windows 2000 / Windows NT 4.0 member workstation or server.
If you open a CMD prompt and type NET USER UserName /Domain, you would receive output similar to:
The request will be processed at a domain controller for domain <Domain Name>
User name Test
Full Name Test Tester
Comment Test account
User's comment A comment
Country code (null)
Account active Yes
Account expires Never
Password last set 02/12/2001 21:34
Password expires 03/13/2001 20:00
Password changeable 02/12/2001 21:34
Password required Yes
User may change password Yes
Workstations allowed JSI005,JSI006,JSI007
Logon script logon.bat
User profile \\JSI001\Profiles\Jerry
Home directory \\JSI001\Home\Jerry
Last logon 02/24/2001 09:34
Logon hours allowed Monday 06:00 - 18:00
Tuesday 06:00 - 18:00
Wednesday 06:00 - 18:00
Thursday 06:00 - 18:00
Friday 06:00 - 18:00
Local Group Memberships *Users
Global Group memberships *Sales *Marketing
*Accounting *Domain Users
*Personnel
The command completed successfully.For any user, the first 18 lines of the display have the same line titles.
Since
Logon hours allowed,
Local Group Memberships, and
Global Group memberships can each have
a variable number of entries, lines 19 - XX can have variable (or no) titles, but these scripts make it easy to identify
the data.
To use the scripts, type:
JSIDUGet Full_Path_To_YourBat.bat File
where Full_Path_To_YourBat.bat can be as simple as:
@echo off If "%Final%" EQU "Y" goto end call jsiduser :endThis would product a report of every user, displaying the non-default data. The report, written to File, would look similar to:
User name Guest
Comment Built-in account for guest access to the computer/domain
Account active No
Password last set 02/25/2001 06:26
Password changeable 02/25/2001 06:26
Password required No
User may change password No
Last logon Never
Local Group Memberships *Guests
Global Group memberships *Domain Guests *Domain Users
_______________________________________________________________________________________________
*
User name Jennifer
Full Name Jennifer V. Schulman
Password last set 02/12/2000 21:47
Password changeable 02/12/2000 21:47
Last logon 02/24/2001 07:14
Global Group memberships *Domain Users
_______________________________________________________________________________________________
*
User name Test
Full Name Test Tester
Comment Test account
User's comment A comment
Password last set 02/12/2001 21:34
Password expires 03/13/2001 20:00
Password changeable 02/12/2001 21:34
Workstations allowed JSI005,JSI006,JSI007
Logon script logon.bat
User profile \\JSI001\Profiles\Jerry
Home directory \\JSI001\Home\Jerry
Last logon 02/24/2001 09:34
Logon hours allowed Monday 06:00 - 18:00
Tuesday 06:00 - 18:00
Wednesday 06:00 - 18:00
Thursday 06:00 - 18:00
Friday 06:00 - 18:00
Global Group memberships *Sales *Marketing
*Accounting *Domain Users
*Personnel
_______________________________________________________________________________________________
NOTE: If you prefer,
You can call your own reporting script.
The following environment variables are available to Full_Path_To_YourBat.bat:
actv Y-account is active, N-not active.
file The output report path.
Final Y-all records have been processed, N-process the current record.
First Y-a switch you can use and set.
lineNN line01=User name Joe
line02=Full Name Joe User
line03=Comment Just a sample
line04=User's comment
line05=Country code 000 (System Default)
line06=Account active Yes
line07=Account expires Never
line08=Password last set 02/12/2001 20:27
line09=Password expires 02/28/2001 19:13
line10=Password changeable 02/12/2001 20:27
line11=Password required Yes
line12=User may change password Yes
line13=Workstations allowed All
line14=Logon script logon.bat
line15=User profile profile path
line16=Home directory home folder path
line17=Last logon 02/27/2001 00:32
line18=Logon hours allowed All
+line19=Local Group Memberships *Users
+line20=Global Group memberships *Sales *Domain Users
max The number of lines.
NOWDD The current day.
NOWHH The current hour.
NOWMM The current month.
NOWMX The current minute
NOWYMD The current year/month/day
NOWYMDHM The current year/month/day/hour/minute
NOWYY The current year.
UserAcnt The current UserName.
XDD07 The account Expires day.
XDD08 The password last set day.
XDD09 The password expires day.
XDD10 The password changeable day.
XDD17 The last logon day.
XHH07 The account Expires hour.
XHH08 The password last set hour.
XHH09 The password expires hour.
XHH10 The password changeable hour.
XHH17 The last logon hour.
XMM07 The account Expires month.
XMM08 The password last set month.
XMM09 The password expires month.
XMM10 The password changeable month.
XMM17 The last logon month.
XMX07 The account Expires minute.
XMX08 The password last set minute.
XMX09 The password expires minute.
XMX10 The password changeable minute.
XMX17 The last logon minute.
XYMD07 The Account Expires year/month/day.
XYMD08 The Password last set year/month/day.
XYMD09 The password expires year/month/day.
XYMD10 The password changeable year/month/day.
XYMD17 The last logon year/month/day.
XYMDHM07 The Account Expires year/month/day/hour/minute.
XYMDHM08 The password last set year/month/day/hour/minute.
XYMDHM09 The password expires year/month/day/hour/minute.
XYMDHM10 The password changeable year/month/day/hour/minute.
XYMDHM17 The last logon year/month/day/hour/minute.
XYY07 The Account Expires year.
XYY08 The password last set year.
XYY09 The password expires year
XYY10 The password changeable year.
XYY17 The last logon year.
On any lineNN, the data at the beginning of the line can be addresses as
%lineNN:~0,<length> and the data in the right hand column can be address as
%lineNN:~29,<length>.
The
JSIDUGet.bat script is responsible for retrieving all the users. For each user, it creates the
environment variables and calls
Full_Path_To_YourBat.bat.
JSIDUGet.bat contains:
@echo off
if NOT \{%1\}\{\} goto begin
:syntax
@echo Syntax: JSIDUGet YourBat.bat File
goto end
:begin
if \{%2\}
\{\} goto Syntax
if not exist %1 goto Syntax
setlocal
set yourbat=%1
set file=%2
if exist %file% del /q %file%
for /f "tokens=2,3,4* delims=/ " %%i in ('date /t') do set NOWMM=%%i&set NOWDD=%%j&set NOWYY=%%k
for /f "tokens=1,2 delims=:" %%i in ('time /t') do set NOWHH=%%i&set NOWMX=%%j
set NOWHH=%NOWHH: =0%
set NOWYMD=%NOWYY%%NOWMM%%NOWDD%
set NOWYMDHM=%NOWYMD%%NOWHH%%NOWMX%
set wrk= #
set blank=%wrk:~0,10%
set Final=N
set First=Y
for /f "Skip=6 Tokens=*" %%i in ('net users /domain') do call :parse "%%i"
set Final=Y
set /a max=0
set actv=N
call %yourbat%
endlocal
goto end
:parse
set str=#%1#
set str=%str:#"=%
set str=%str:"#=%
if "%str%""The command completed successfully." goto end
set substr=%str:~0,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%"
"" goto end
set /a cnt=0
set UserAcnt=%substr%
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
set substr=%str:~25,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%""" goto end
set /a cnt=0
set UserAcnt=%substr%
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
set substr=%str:~50,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%"
"" goto end
set /a cnt=0
set UserAcnt=%substr%
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
goto end
:dates
if "%ustr:~29,5%""Never" set XMM=12&set XDD%=31&set XYY=9999&set XHH=24&set XMX=00&goto datesf
set edt=%ustr:~29,16%
for /f "Tokens=1-5 Delims=/: " %%j in ('@echo %edt%') do set XMM=%%j&set XDD=%%k&set XYY=%%l&set XHH=%%m&set XMX=%%n
:datesf
set XHH=%XHH: =0%
set XYMD=%XYY%%XMM%%XDD%
set XYMDHM=%XYMD%%XHH%%XMX%
set XMM%lne%=%XMM%
set XDD%lne%=%XDD%
set XYY%lne%=%XYY%
set XHH%lne%=%XHH%
set XMX%lne%=%XMX%
set XYMD%lne%=%XYMD%
set XYMDHM%lne%=%XYMDHM%
goto end
:parse1
set /a cnt=%cnt% + 1
set ustr=%1
if %ustr%
"The command completed successfully." goto User
set ustr=%ustr:"=%
set /a wrk=%cnt% + 100
set wrk=%wrk%
set lne=%wrk:~1,2%
set line=%ustr%
if "%lne%" LSS "19" goto parse2
if "%line:~0,1%" EQU "*" set line=%line%
if "%line:~0,8%" EQU "Local Gr" goto parse2
if "%line:~0,8%" EQU "Global G" goto parse2
set line= %line%
:parse2
if "%line:~29,1%" EQU "" set line=%line%%blank%&goto parse2
set line%lne%=%line%
if %cnt% EQU 6 set actv=%ustr:~29,1%&goto end
if %cnt% LSS 7 goto end
if %cnt% LSS 11 goto dates
if %cnt% EQU 17 goto dates
goto end
:user
set /a max=%cnt% - 1
call %yourbat%
:end
NOTE: If you wanted the run
JSIDUGet.bat on a domain controller, you must
replace the 3 occurrences of
"Skip=1 Tokens=*" with
"Tokens=*".
The standard reporting script, JSIUser.bat, contains:
@echo off setlocal set /a seq=0 for /l %%i in (1,1,%max%) do call :parse1 @echo __________________________________________________________________________________ >> %file% @echo * >> %file% endlocal goto end :num5 if "%line:~29,3%""000" goto end if "%line:~29,3%"
"(nu" goto end goto out1 :num6 if "%line:~29,3%""Yes" goto end goto out1 :num7 if "%line:~29,3%"
"Nev" goto end goto out1 :num8 :num9 :num10 :num11 :num12 if "%line:~29,3%""Yes" goto end goto num7 :num13 if "%line:~29,3%"
"All" goto end goto out1 :num18 if "%line:~29,3%""All" goto end goto out1 :parse1 set /a seq=%seq% + 1 set /a wrk=%seq% + 100 set wrk=%wrk% set lne=%wrk:~1,2% for /f "Tokens=2 Delims
" %%i in ('set line%lne%') do @set line=%%i goto num%seq% :num2 goto out :num3 goto out :num4 goto out :num14 goto out :num15 goto out :num16 goto out :num17 goto out :num19 goto out :num20 goto out :num21 goto out :num22 goto out :num23 goto out :num24 goto out :num25 goto out :num26 goto out :num27 goto out :num28 goto out :num29 goto out :num30 goto out :num31 goto out :num32 goto out :num33 goto out :num34 goto out :num35 goto out :num36 :out if "%line:~29,1%"" " goto end :num1 :out1 @echo %line% >> %file% :end
If you wanted to report the user accounts whose passwords have expired, your Full_Path_To_YourBat.bat would contain:
@echo off If "%Final%" EQU "Y" goto end REM Select only active accounts if "%actv%" EQU "N" goto end If "%NOWYMDHM%" GTR "%XYMDHM09%" goto end REM If you wish to include the accounts whose password will expire today, use: If "%NOWYMD%" GTR "%XYMD09%" goto end call jsiduser :end
To report all expired accounts:
@echo off If "%Final%" EQU "Y" goto end If "%NOWYMDHM%" GTR "%XYMDHM07%" goto end REM If you wish to include the accounts that will expire today, use: If "%NOWYMD%" GTR "%XYMD07%" goto end call jsiduser :end
To report all accounts that do not have a logon script configured:
@echo off If "%Final%" EQU "Y" goto end if "%actv%" EQU "N" goto end if "%line14:~29,1%" GTR " " goto end call jsiduser :end
To report all active accounts that have never logged on:
@echo off If "%Final%" EQU "Y" goto end if "%actv%" EQU "N" goto end if not "%line17:~29,5%" EQU "Never" goto end call jsiduser :end
To report all active users who are members of the Domain Admins group:
@echo off
If "%Final%" EQU "Y" goto end
if "%actv%" EQU "N" goto end
If %max% LSS 19 goto end
set DA=N
for /l %%i in (19,1,%max%) do call :parse %%i
if "%DA%" EQU "N" goto end
call jsiduser
goto end
:parse
if "%DA%" EQU "Y" goto end
set lne=%1
for /f "Tokens=2 Delims" %%j in ('set line%lne%') do @set line=%%j
if "%line:~29,14%" EQU "*Domain Admins" set DA=Y&goto end
if "%line:~51,14%" EQU "*Domain Admins" set DA=Y
:end
To report all active accounts that have logon hour restrictions on Wednesday:
@echo off If "%Final%" EQU "Y" goto end if "%actv%" EQU "N" goto end set Wed=N for /l %%i in (18,1,%max%) do call :parse %%i if "%Wed%" EQU "N" goto end call jsiduser goto end :parse if "%Wed%" EQU "Y" goto end set lne=%1 for /f "Tokens=2 Delims" %%j in ('set line%lne%') do @set line=%%j if "%line:~29,1%" EQU "*" goto end If "%line:~29,3%" EQU "Wed" set Wed=Y :end
To report all active users that have workstation restriction who are allowed to log onto JSI006:
@echo off
If "%Final%" EQU "Y" goto end
if "%actv%" EQU "N" goto end
if "%line13:~29,3%" EQU "All" goto end
set Work=N
REM A maximum of 8 workstations and a maximum computer name of 20 and up to 7 commas + 1 for good measure
set worklist=%line13:~29,168%
for /f "Tokens=1-8 Delims=, " %%i in ('@echo %worklist%') do call :parse %%i %%j %%k %%l %%m %%n %%o %%p
if "%Work%" EQU "N" goto end
call jsiduser
goto end
:parse
:loop
if \{%1\} EQU \{\} goto end
set workstn=%1
If /i "%workstn:~0,6%" EQU "JSI006" set Work=Y&goto end
shift
goto loop
:end
To report all active accounts that haven't logged on in 30 days:
@echo If "%Final%" EQU "Y" goto end if "%actv%" EQU "N" goto end Call JSIDateM %XYY% %XMM% %XDD% - %NOWYY% %NOWMM% %NOWDD% If %NDD% GTR -30 goto end call jsiduser :end
To generate a sorted report of domain group membership, your Full_Path_To_YourBat.bat would contain:
@echo off
If "%Final%" EQU "Y" goto phase2
if "%First%" EQU "N" goto phase1
set First=N
if exist %TEMP%\sortin.tmp del /q %TEMP%\sortin.tmp
if exist %TEMP%\sortou.tmp del /q %TEMP%\sortou.tmp
:phase1
if "%actv%" EQU "N" goto end
If %max% LSS 19 goto end
set Glob=N
for /l %%i in (19,1,%max%) do call :parse %%i
goto end
:phase2
sort %TEMP%\sortin.tmp /O %TEMP%\sortou.tmp
del /q %TEMP%\sortin.tmp
set pgrp= #
set blank= #
set spac=%blank:~0,20%
for /f "Tokens=*" %%i in (%TEMP%\sortou.tmp) do call :report "%%i"
del /q %TEMP%\sortou.tmp
goto end
:report
set line=%1
set line=%line:"=%
if "%pgrp%" EQU "%line:~0,20%" goto detail
set pgrp=%line:~0,20%
@echo __________________________________________ >>%File%
@echo * >>%File%
@echo %line%>>%File%
goto end
:detail
set data=%line:~20,99%
@echo %spac%%data%>>%File%
goto end
:parse
set lne=%1
for /f "Tokens=2 Delims" %%j in ('set line%lne%') do @set line=%%j
if "%line:~0,6%" EQU "Global" set Glob=Y
If "%Glob%" EQU "N" goto end
if not "%line:~29,1%" EQU "*" goto end
set grp=%line:~30,20% #
set group=%grp:~0,25%
@echo %group% %UserAcnt% >>%TEMP%\sortin.tmp
if not "%line:~51,1%" EQU "*" goto end
set grp=%line:~52,20% #
set group=%grp:~0,25%
@echo %group% %UserAcnt% >>%TEMP%\sortin.tmp
:endThe sorted report would look
like:
__________________________________________
*
Domain Admins Administrator
Jerry
__________________________________________
*
Domain Users Administrator
Jennifer
Jerry
test
__________________________________________
*
Enterprise Admins Administrator
Jerry
__________________________________________
*
Group Policy Creator Administrator
__________________________________________
*
Installers Jerry
__________________________________________
*
Schema Admins Administrator
Jerry
NOTE: Other general routines include:
tip 0721 » General purpose date math routine.
0 comments
Hide comments
