0 votes

I am interested in using the built-in tasks for disabling inactive users and computers but wanted to get a better understanding of what these functions are doing.

When checking for inactive computers what attributes are checked? pwdLastSet & whenChanged?

When checking for inactive users what attributes are checked? Lastlogon or LastLogonTimestamp? If LastLogon is used, will each DC be contacted?

Thanks

by (70 points)

1 Answer

0 votes
by (216k points)

Hello,

The following properties are used to check if a user or computer is inactive:

  • Last-Logon-Timestamp
  • Password Last Set

Also, Adaxes tries to ping the computers that appear to be inactive for a long time based on the properties.

0

If the domain functional level is less than Win2003 Native, will LastLogon be used instead of LastLogonTimestamp?

Adaxes tries to ping the computers that appear to be inactive for a long time based on the properties.

Also, can you provide more detail on the ping routine? After what period of inactivity will Adaxes start to ping a computer to determine it's status? Were is the metadata for the online/offline status stored?

Thanks

0

If the domain functional level is less than Win2003 Native, will LastLogon be used instead of LastLogonTimestamp?

Yes.

Also, can you provide more detail on the ping routine? After what period of inactivity will Adaxes start to ping a computer to determine it's status?

It all depends on the settings of the If is inactive <period> condition. By default, in the Scheduled Tasks for inactive computers and users, it is set to 12 weeks, so Adaxes will ping a computer if Last-Logon-Timestamp / Last Logon and Password Last Set of the computer are older than 12 weeks.

Were is the metadata for the online/offline status stored?

Take a closer look at the Scheduled Tasks. If an account is inactive for longer than the specified time period, the Scheduled Tasks will update the When Marked Inactive property of the user/computer. It is a virtual property that is stored on Adaxes backend.

Related questions

0 votes
1 answer

Hello , I have the "disable inactive computer list" script. The script runs on the system every morning. But I noticed that the script doesn't work properly on some PCs. When ... specified time Can you help me ? What is the problem ? Thank you in advance.

asked Jun 24, 2022 by engcap (40 points)
0 votes
1 answer

I seem to be getting an error when trying to export the Inactive Computers report and choosing the option "Select all objects on all pages." I've set my page size to 10 ... code returned from the server was: 500" Is this due to an IIS configuration? Thanks!

asked May 25, 2012 by Legit (80 points)
0 votes
1 answer

Hello, is it possible to add computers to the basket, imported from a csv file? We get a list from our client team to disable computer accounts in bulk. regards Helmut

asked Feb 22, 2021 by a423385 (510 points)
0 votes
1 answer

Hi, Can you tell me how to look up a list of last logged-in users for computers from specific OU? Have OU called Laptops and need to know who as last person logged into ... username-of-last-user-who-lgged-on-to-computer-s269.htm but it' s not design for OU

asked Dec 2, 2019 by roberttryba (70 points)
0 votes
1 answer

We manage employee user accounts in our on-premise Active Directory and synchronize them to Azure Active Directory using Azure AD Connect. We'd like to be able to generate ... if this is possible so we can easily identify user accounts that are truly inactive.

asked May 9, 2023 by RickWaukCo (320 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users