Announcement

Collapse
No announcement yet.

Hyena inacurate or at best different from DSQUERY results

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hyena inacurate or at best different from DSQUERY results

    I'm using Hyena v8.0 in an Windows AD domain (2003) and I need to identify inactive machine accounts to delete, basic house cleaning.

    I added the "Last Logon" column to the computer objects view. I double click Computers on the left side of Hyena and it displays all computer accounts in our domain along with the date they last changed their password.

    The problem is that when I compare the list Hyena produces with Dsquery (C:\>dsquery computer -inactive 28) the results are different.

    The Hyena report lists 42 more machine accounts than the dsquery report.

    I have been using Hyena for 6-years, and running this same report every 6-months. This is the first time I have compared the results with dsquery and I'm worried Hyena is inaccurate.

  • #2
    Re: Hyena inacurate or at best different from DSQUERY results

    It would be nice if Microsoft documented the underlying mechanisms they use in their utilities. The DsQuery command switch you use uses the AD attribute 'lastlogontimestamp'. You may have to add this field manually to your query as its relatively new. Then, the results should line up. The lastlogon attribute is not replicated between domain controllers. You can get more information on the timestamp attribute here:
    http://blog.joeware.net/2007/05/01/864/
    Kevin Stanush
    SystemTools Software Inc.

    Comment


    • #3
      Re: Hyena inacurate or at best different from DSQUERY results

      I also used Exporter Pro to produce the same report (this pulls from all DC's) and got slightly different results from the prior Hyena list, but Hyena and dsquery still differ.

      Hyena says there are 90 machine accounts that are >7months old and dsquery says there are only 42.

      Comment


      • #4
        Re: Hyena inacurate or at best different from DSQUERY results

        Additionally, I'm using the password last changed attribute, not the last logon attribute to determine if a machine account is "safe to delete" due to it being inactive.

        I read the Joeware post and don't see how that applies. Can you expand on what you're suggesting I try?

        Bottom line is that I need to accurately determine the last time a machine account changed it's password.
        thanks

        Comment


        • #5
          Re: Hyena inacurate or at best different from DSQUERY results

          What I'm gathering from this is not a discrepancy between Hyena and dsquery, but a discrepancy between data fields that you are looking at. Above it was suggested that dsquery uses the lastlogontimestamp field for the -inactive determination.

          To compare apples and apples you would need to add lastlogontimestamp to your query in Hyena to see what it is reporting.

          LastLogon, lastlogontimestamp, and pwdlastset all contain different data.

          Comment


          • #6
            Re: Hyena inacurate or at best different from DSQUERY results

            I will be leaving the office in a few minutes, but:

            lastlogon is a non-replicated attribute, meaning that it will have a different value on each domain controller. Exporter Pro can either merge them together or report them all separately, but its a time consuming report, which is why Hyena only shows it from the DC that data is coming from.

            lastlogontimestamp is replicated, so the information is usually fairly up to date.

            pwdlastset I think is replicated and shows the last time the machine changed its password. I don't know what the relationship is between pwdlastset and lastlogontimestamp for machine accounts.

            You might be able to google the two and see if there are any articles on it. But there might be a reason that dsquery uses lastlogontimestamp, assuming that information is correct.
            Kevin Stanush
            SystemTools Software Inc.

            Comment

            Working...
            X