Posts

Showing posts from September, 2018

Find AD Users who never logged on using PowerShell

We can use the Active Directory PowerShell cmdlet Get-ADUser to query users from AD. We can get a list of AD users who have never logged in by checking whether the AD attribute lastlogontimestamp has a value. The command below lists all users who never logged on.

Get-ADUser -Filter {(lastlogontimestamp -notlike "*")} | Select Name,DistinguishedName

If you want to list only enabled AD users, you can add one more check to the above filter.

Get-ADUser -Filter {(lastlogontimestamp -notlike "*") -and (enabled -eq $true)} | Select Name,DistinguishedName

If you are familiar with LDAP filters, you can also find never-logged-in users by using an LDAP filter.

Get-ADUser -ldapfilter '(&(!lastlogontimestamp=*)(!useraccountcontrol:1.2.840.113556.1.4.803:=2))' | Select Name,DistinguishedName

In most cases, we may want to find AD users who were created in the last certain number of days or months and have not logged in to their system. To achieve this, we need to fil

What is DataStore.edb?

What is DataStore.edb?: The DataStore.edb file is a log file of sorts: it keeps the history of Windows updates and is located under the SoftwareDistribution folder (C:\Windows\SoftwareDistribution\DataStore\DataStore.edb). Its size grows with every Windows Update check.

Is it safe to delete?: Yes, it is safe to delete, but the next time Windows checks for updates it will start from scratch and check everything. There is no point in deleting DataStore.edb, since it will simply be rebuilt the next time Windows checks for updates. If you are just looking for things to delete, you can empty the SoftwareDistribution\Download folder instead.

Difference between a RID and a SID in Active Directory

SID (Security Identifier) - A SID is a Security Identifier. It is the "primary key" for any object in an Active Directory. For example, users have SIDs, as do Printer objects, Group objects, etc. SIDs are unique to a domain.
- In Active Directory, users refer to accounts by using the account name, but the operating system internally refers to accounts by their security identifiers (SIDs).
- For domain accounts, the SID of a security principal is created by concatenating the SID of the domain with a relative identifier (RID) for the account. SIDs are unique within their scope (domain or local) and are never reused.
- For every local account and group, the SID is unique for the computer where it was created; no two accounts or groups on the computer ever share the same SID. Likewise, for every domain account and group, the SID is unique within an enterprise. This means that the SID for an account or group created in one domain will nev

Difference Between LastLogon vs LastLogonTimeStamp

Description: In this article, I am going to explain the difference between LastLogon and LastLogonTimeStamp in Active Directory and how to find the True Last Logon value of a user from these two attributes.

Summary: Both are Active Directory schema attributes that hold a user's Last Logon Time in two different ways.

LastLogon is the Non-Replicable attribute. This means the value of this attribute is specific to a Domain Controller.

LastLogonTimeStamp is the Replicable attribute, but this attribute is not updated every time a user successfully logs in. This attribute is updated only when its current value is older than the current time minus the value of the msDS-LogonTimeSyncInterval attribute.

Before explaining the exact difference, I would like to recall the terms Replication and Non-Replicable attributes.

Replication: In Active Directory, objects are distributed among all domain controllers in a forest, and all domain c