Hi We are using SAMBA4 As Active Directory We have a requirement to a) find out which user did not logging for more then 90 days and Delete those user by using script I am just wondering, is there any command to check in Samba4 to get user Last login time ? Thanks-- Regards -- Regards Fosiul Alam
https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp Works on Samba AD as on Windows and can be queried by any LDAP client and used in Bash/Powershell scripts. There's probably finished scripts somewhere you can use. On 23.04.19 17:07, Fosiul Alam via samba wrote:> Hi > We are using SAMBA4 As Active Directory We have a requirement to > a) find out which user did not logging for more then 90 days and Delete > those user by using script > > I am just wondering, is there any command to check in Samba4 to get user > Last login time ? > > Thanks-- > Regards >-- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas, Systemadministrator ✉ sven.schwedas at tao.at | ☎ +43 680 301 7167 TAO Digital | Teil der TAO Beratungs- & Management GmbH Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach A8020 Graz | https://www.tao-digital.at -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20190423/d4a650bc/signature.sig>
Mandi! Fosiul Alam via samba In chel di` si favelave...> I am just wondering, is there any command to check in Samba4 to get user > Last login time ?ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" lastLogonTimestamp | grep "^lastLogonTimestamp: " | cut -d ' ' -f 2- -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On Tue, 23 Apr 2019 16:07:09 +0100 Fosiul Alam via samba <samba at lists.samba.org> wrote:> Hi > We are using SAMBA4 As Active Directory We have a requirement to > a) find out which user did not logging for more then 90 days and > Delete those user by using script > > I am just wondering, is there any command to check in Samba4 to get > user Last login time ? >You are nearly there, investigate the AD 'lastLogon' attribute, there is a slight problem though, you will have to search every DC, this attribute isn't replicated. Rowland
On Tue, 23 Apr 2019 17:12:37 +0200 Sven Schwedas via samba <samba at lists.samba.org> wrote:> https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp > > Works on Samba AD as on Windows and can be queried by any LDAP client > and used in Bash/Powershell scripts. There's probably finished scripts > somewhere you can use. >Yes, you could use that attribute, but it isn't as accurate. Rowland