Regardless of whether you have a Windows 2000 Active Directory domain or a Windows NT 4.0 domain, the scripts on this page will allow you to generate various user property reports, even if you have minimal scripting skills.

NOTE: The scripts MUST be run on a Windows 2000 / Windows NT 4.0 member workstation or server.

If you open a CMD prompt and type NET USER UserName /Domain, you would receive output similar to:

    The request will be processed at a domain controller for domain <Domain Name>

    User name                    Test
    Full Name                    Test Tester
    Comment                      Test account
    User's comment               A comment
    Country code                 (null)
    Account active               Yes
    Account expires              Never
    Password last set            02/12/2001 21:34
    Password expires             03/13/2001 20:00
    Password changeable          02/12/2001 21:34
    Password required            Yes
    User may change password     Yes
    Workstations allowed         JSI005,JSI006,JSI007
    Logon script                 logon.bat
    User profile                 \\JSI001\Profiles\Jerry
    Home directory               \\JSI001\Home\Jerry
    Last logon                   02/24/2001 09:34
    Logon hours allowed          Monday 06:00 - 18:00
                                 Tuesday 06:00 - 18:00
                                 Wednesday 06:00 - 18:00
                                 Thursday 06:00 - 18:00
                                 Friday 06:00 - 18:00
    Local Group Memberships      *Users
    Global Group memberships     *Sales                *Marketing
                                 *Accounting           *Domain Users
                                 *Personnel
    The command completed successfully.

For any user, the first 18 lines of the display have the same line titles. Since Logon hours allowed, Local Group Memberships, and Global Group memberships can each have a variable number of entries, lines 19 - XX can have variable (or no) titles, but these scripts make it easy to identify the data.

To use the scripts, type:

JSIDUGet Full_Path_To_YourBat.bat File

where Full_Path_To_YourBat.bat can be as simple as:

    @echo off
    If "%Final%" EQU "Y" goto end
    call jsiduser
    :end

This would produce a report of every user, displaying the non-default data. The report, written to File, would look similar to:

    User name                    Guest
    Comment                      Built-in account for guest access to the computer/domain
    Account active               No
    Password last set            02/25/2001 06:26
    Password changeable          02/25/2001 06:26
    Password required            No
    User may change password     No
    Last logon                   Never
    Local Group Memberships      *Guests
    Global Group memberships     *Domain Guests        *Domain Users
    _______________________________________________________________________________________________
                                                                                                  *
    User name                    Jennifer
    Full Name                    Jennifer V. Schulman
    Password last set            02/12/2000 21:47
    Password changeable          02/12/2000 21:47
    Last logon                   02/24/2001 07:14
    Global Group memberships     *Domain Users
    _______________________________________________________________________________________________
                                                                                                  *
    User name                    Test
    Full Name                    Test Tester
    Comment                      Test account
    User's comment               A comment
    Password last set            02/12/2001 21:34
    Password expires             03/13/2001 20:00
    Password changeable          02/12/2001 21:34
    Workstations allowed         JSI005,JSI006,JSI007
    Logon script                 logon.bat
    User profile                 \\JSI001\Profiles\Jerry
    Home directory               \\JSI001\Home\Jerry
    Last logon                   02/24/2001 09:34
    Logon hours allowed          Monday 06:00 - 18:00
                                 Tuesday 06:00 - 18:00
                                 Wednesday 06:00 - 18:00
                                 Thursday 06:00 - 18:00
                                 Friday 06:00 - 18:00
    Global Group memberships     *Sales                *Marketing
                                 *Accounting           *Domain Users
                                 *Personnel
    _______________________________________________________________________________________________

NOTE: If you prefer, you can call your own reporting script.

The following environment variables are available to Full_Path_To_YourBat.bat:

    actv         Y-account is active, N-not active.
    file         The output report path.
    Final        Y-all records have been processed, N-process the current record.
    First        Y-a switch you can use and set.
    lineNN       line01=User name                    Joe
                 line02=Full Name                    Joe User
                 line03=Comment                      Just a sample
                 line04=User's comment
                 line05=Country code                 000 (System Default)
                 line06=Account active               Yes
                 line07=Account expires              Never
                 line08=Password last set            02/12/2001 20:27
                 line09=Password expires             02/28/2001 19:13
                 line10=Password changeable          02/12/2001 20:27
                 line11=Password required            Yes
                 line12=User may change password     Yes
                 line13=Workstations allowed         All
                 line14=Logon script                 logon.bat
                 line15=User profile                 profile path
                 line16=Home directory               home folder path
                 line17=Last logon                   02/27/2001 00:32
                 line18=Logon hours allowed          All
                +line19=Local Group Memberships      *Users
                +line20=Global Group memberships     *Sales                *Domain Users
    max          The number of lines.
    NOWDD        The current day.
    NOWHH        The current hour.
    NOWMM        The current month.
    NOWMX        The current minute.
    NOWYMD       The current year/month/day.
    NOWYMDHM     The current year/month/day/hour/minute.
    NOWYY        The current year.
    UserAcnt     The current UserName.
    XDD07        The account expires day.
    XDD08        The password last set day.
    XDD09        The password expires day.
    XDD10        The password changeable day.
    XDD17        The last logon day.
    XHH07        The account expires hour.
    XHH08        The password last set hour.
    XHH09        The password expires hour.
    XHH10        The password changeable hour.
    XHH17        The last logon hour.
    XMM07        The account expires month.
    XMM08        The password last set month.
    XMM09        The password expires month.
    XMM10        The password changeable month.
    XMM17        The last logon month.
    XMX07        The account expires minute.
    XMX08        The password last set minute.
    XMX09        The password expires minute.
    XMX10        The password changeable minute.
    XMX17        The last logon minute.
    XYMD07       The account expires year/month/day.
    XYMD08       The password last set year/month/day.
    XYMD09       The password expires year/month/day.
    XYMD10       The password changeable year/month/day.
    XYMD17       The last logon year/month/day.
    XYMDHM07     The account expires year/month/day/hour/minute.
    XYMDHM08     The password last set year/month/day/hour/minute.
    XYMDHM09     The password expires year/month/day/hour/minute.
    XYMDHM10     The password changeable year/month/day/hour/minute.
    XYMDHM17     The last logon year/month/day/hour/minute.
    XYY07        The account expires year.
    XYY08        The password last set year.
    XYY09        The password expires year.
    XYY10        The password changeable year.
    XYY17        The last logon year.

On any lineNN, the data at the beginning of the line can be addressed as %lineNN:~0,<length>% and the data in the right-hand column can be addressed as %lineNN:~29,<length>%.

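The column layout described above (fixed titles on the first 18 lines, data starting at column 29, untitled continuation lines for logon hours and group memberships) can also be parsed outside of batch. The following Python code is an added example, not part of the original scripts; the function names, the sample record and the MM/DD/YYYY HH:MM date format are assumptions modelled on the output shown on this page.

```python
from datetime import datetime

DATA_COL = 29  # on titled lines the value starts at column 29

# Constructed sample, modelled on the NET USER output shown on this page.
# _row pads a title to the data column, as the NET USER display does.
def _row(title, value=""):
    return f"{title:<{DATA_COL}}{value}".rstrip()

SAMPLE = "\n".join([
    "The request will be processed at a domain controller for domain EXAMPLE.",
    _row("User name", "Test"),
    _row("Account active", "Yes"),
    _row("Password expires", "03/13/2001 20:00"),
    _row("Logon script"),
    _row("Last logon", "02/24/2001 09:34"),
    _row("Logon hours allowed", "Monday 06:00 - 18:00"),
    _row("", "Tuesday 06:00 - 18:00"),
    "",
    _row("Local Group Memberships", "*Users"),
    _row("Global Group memberships", "*Sales                *Domain Admins"),
    _row("", "*Domain Users"),
    "The command completed successfully.",
])

def parse_net_user(text):
    """Return {title: [values]}; untitled lines continue the previous title."""
    fields, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("The command completed"):
            break
        if current is None and not line.startswith("User name"):
            continue  # banner before the record (the batch file's Skip=1)
        title, value = line[:DATA_COL].strip(), line[DATA_COL:].strip()
        if title:
            current = title
            fields[current] = [value] if value else []
        elif value:
            fields[current].append(value)
    return fields

def first(fields, title):
    """First value of a field, or '' when the field is absent or empty."""
    values = fields.get(title)
    return values[0] if values else ""

def groups(fields, title):
    """Split rows such as '*Sales   *Domain Admins' into group names."""
    return [g.strip() for row in fields.get(title, [])
            for g in row.split("*") if g.strip()]

def when(fields, title):
    """Parse 'MM/DD/YYYY HH:MM' (assumed, as on this page); None for 'Never'."""
    try:
        return datetime.strptime(first(fields, title), "%m/%d/%Y %H:%M")
    except ValueError:
        return None

def findings(fields, now, stale_days=30):
    """Apply selections like those in the page's report scripts to one account."""
    if first(fields, "Account active") != "Yes":
        return []
    out = []
    if "Domain Admins" in groups(fields, "Global Group memberships"):
        out.append("member of Domain Admins")
    expires = when(fields, "Password expires")
    if expires is not None and expires <= now:
        out.append("password expired")
    if not first(fields, "Logon script"):
        out.append("no logon script")
    last = when(fields, "Last logon")
    if last is None:
        out.append("never logged on")
    elif (now - last).days >= stale_days:
        out.append(f"no logon for {(now - last).days} days")
    return out

if __name__ == "__main__":
    print(findings(parse_net_user(SAMPLE), datetime(2001, 4, 1, 12, 0)))
```
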
The JSIDUGet.bat script is responsible for retrieving all the users. For each user, it creates the environment variables and calls Full_Path_To_YourBat.bat. JSIDUGet.bat contains:

    @echo off
    if NOT {%1}=={} goto begin
    :syntax
    @echo Syntax: JSIDUGet YourBat.bat File
    goto end
    :begin
    if {%2}=={} goto Syntax
    if not exist %1 goto Syntax
    setlocal
    set yourbat=%1
    set file=%2
    if exist %file% del /q %file%
    REM Capture the current date and time
    for /f "tokens=2,3,4* delims=/ " %%i in ('date /t') do set NOWMM=%%i&set NOWDD=%%j&set NOWYY=%%k
    for /f "tokens=1,2 delims=:" %%i in ('time /t') do set NOWHH=%%i&set NOWMX=%%j
    set NOWHH=%NOWHH: =0%
    set NOWYMD=%NOWYY%%NOWMM%%NOWDD%
    set NOWYMDHM=%NOWYMD%%NOWHH%%NOWMX%
    REM wrk is 10 spaces followed by #, so blank becomes 10 spaces
    set wrk=          #
    set blank=%wrk:~0,10%
    set Final=N
    set First=Y
    REM NET USERS lists up to three user names per line, 25 columns each
    for /f "Skip=6 Tokens=*" %%i in ('net users /domain') do call :parse "%%i"
    REM Final call so that YourBat.bat can finish its report
    set Final=Y
    set /a max=0
    set actv=N
    call %yourbat%
    endlocal
    goto end
    :parse
    set str=#%1#
    set str=%str:#"=%
    set str=%str:"#=%
    if "%str%"=="The command completed successfully." goto end
    REM Trim each name: remove pairs of spaces, then a single space before #, then #
    set substr=%str:~0,25%#
    set substr=%substr:  =%
    set substr=%substr: #=%
    set substr=%substr:#=%
    if "%substr%"=="" goto end
    set /a cnt=0
    set UserAcnt=%substr%
    for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
    set substr=%str:~25,25%#
    set substr=%substr:  =%
    set substr=%substr: #=%
    set substr=%substr:#=%
    if "%substr%"=="" goto end
    set /a cnt=0
    set UserAcnt=%substr%
    for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
    set substr=%str:~50,25%#
    set substr=%substr:  =%
    set substr=%substr: #=%
    set substr=%substr:#=%
    if "%substr%"=="" goto end
    set /a cnt=0
    set UserAcnt=%substr%
    for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
    goto end
    :dates
    REM "Never" is stored as 12/31/9999 24:00 so that date comparisons still work
    if "%ustr:~29,5%"=="Never" set XMM=12&set XDD=31&set XYY=9999&set XHH=24&set XMX=00&goto datesf
    set edt=%ustr:~29,16%
    for /f "Tokens=1-5 Delims=/: " %%j in ('@echo %edt%') do set XMM=%%j&set XDD=%%k&set XYY=%%l&set XHH=%%m&set XMX=%%n
    :datesf
    set XHH=%XHH: =0%
    set XYMD=%XYY%%XMM%%XDD%
    set XYMDHM=%XYMD%%XHH%%XMX%
    set XMM%lne%=%XMM%
    set XDD%lne%=%XDD%
    set XYY%lne%=%XYY%
    set XHH%lne%=%XHH%
    set XMX%lne%=%XMX%
    set XYMD%lne%=%XYMD%
    set XYMDHM%lne%=%XYMDHM%
    goto end
    :parse1
    set /a cnt=%cnt% + 1
    set ustr=%1
    if %ustr%=="The command completed successfully." goto User
    set ustr=%ustr:"=%
    REM lne is the two-digit line number (01, 02, ...)
    set /a wrk=%cnt% + 100
    set wrk=%wrk%
    set lne=%wrk:~1,2%
    set line=%ustr%
    if "%lne%" LSS "19" goto parse2
    if "%line:~0,1%" EQU "*" set line=%line%
    if "%line:~0,8%" EQU "Local Gr" goto parse2
    if "%line:~0,8%" EQU "Global G" goto parse2
    REM Untitled continuation line: pad with 29 spaces so the data starts at column 29
    set line=                             %line%
    :parse2
    if "%line:~29,1%" EQU "" set line=%line%%blank%&goto parse2
    set line%lne%=%line%
    if %cnt% EQU 6 set actv=%ustr:~29,1%&goto end
    if %cnt% LSS 7 goto end
    if %cnt% LSS 11 goto dates
    if %cnt% EQU 17 goto dates
    goto end
    :user
    set /a max=%cnt% - 1
    call %yourbat%
    :end

NOTE: If you want to run JSIDUGet.bat on a domain controller, you must replace the 3 occurrences of "Skip=1 Tokens=*" with "Tokens=*".

The standard reporting script, JSIDUser.bat, contains:

    @echo off
    setlocal
    set /a seq=0
    for /l %%i in (1,1,%max%) do call :parse1
    @echo __________________________________________________________________________________ >> %file%
    @echo                                                                                  * >> %file%
    endlocal
    goto end
    :num5
    if "%line:~29,3%"=="000" goto end
    if "%line:~29,3%"=="(nu" goto end
    goto out1
    :num6
    if "%line:~29,3%"=="Yes" goto end
    goto out1
    :num7
    if "%line:~29,3%"=="Nev" goto end
    goto out1
    :num8
    :num9
    :num10
    :num11
    :num12
    if "%line:~29,3%"=="Yes" goto end
    goto num7
    :num13
    if "%line:~29,3%"=="All" goto end
    goto out1
    :num18
    if "%line:~29,3%"=="All" goto end
    goto out1
    :parse1
    set /a seq=%seq% + 1
    set /a wrk=%seq% + 100
    set wrk=%wrk%
    set lne=%wrk:~1,2%
    for /f "Tokens=2 Delims==" %%i in ('set line%lne%') do @set line=%%i
    goto num%seq%
    :num2
    goto out
    :num3
    goto out
    :num4
    goto out
    :num14
    goto out
    :num15
    goto out
    :num16
    goto out
    :num17
    goto out
    :num19
    goto out
    :num20
    goto out
    :num21
    goto out
    :num22
    goto out
    :num23
    goto out
    :num24
    goto out
    :num25
    goto out
    :num26
    goto out
    :num27
    goto out
    :num28
    goto out
    :num29
    goto out
    :num30
    goto out
    :num31
    goto out
    :num32
    goto out
    :num33
    goto out
    :num34
    goto out
    :num35
    goto out
    :num36
    :out
    if "%line:~29,1%"==" " goto end
    :num1
    :out1
    @echo %line% >> %file%
    :end


If you wanted to report the user accounts whose passwords have expired, your Full_Path_To_YourBat.bat would contain:

    @echo off
    If "%Final%" EQU "Y" goto end
    REM Select only active accounts
    if "%actv%" EQU "N" goto end
    REM Skip accounts whose password has not expired yet ("Never" is stored as 9999/12/31 24:00)
    If "%NOWYMDHM%" LSS "%XYMDHM09%" goto end
    REM If you wish to include the accounts whose password will expire today, use: If "%NOWYMD%" LSS "%XYMD09%" goto end
    call jsiduser
    :end

To report all expired accounts:

    @echo off
    If "%Final%" EQU "Y" goto end
    REM Skip accounts that have not expired yet ("Never" is stored as 9999/12/31 24:00)
    If "%NOWYMDHM%" LSS "%XYMDHM07%" goto end
    REM If you wish to include the accounts that will expire today, use: If "%NOWYMD%" LSS "%XYMD07%" goto end
    call jsiduser
    :end

To report all accounts that do not have a logon script configured:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    if "%line14:~29,1%" GTR " " goto end
    call jsiduser
    :end

To report all active accounts that have never logged on:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    if not "%line17:~29,5%" EQU "Never" goto end
    call jsiduser
    :end

To report all active users who are members of the Domain Admins group:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    If %max% LSS 19 goto end
    set DA=N
    for /l %%i in (19,1,%max%) do call :parse %%i
    if "%DA%" EQU "N" goto end
    call jsiduser
    goto end
    :parse
    if "%DA%" EQU "Y" goto end
    set lne=%1
    for /f "Tokens=2 Delims==" %%j in ('set line%lne%') do @set line=%%j
    REM Group names appear in two columns, starting at column 29 and column 51
    if "%line:~29,14%" EQU "*Domain Admins" set DA=Y&goto end
    if "%line:~51,14%" EQU "*Domain Admins" set DA=Y
    :end

To report all active accounts that have logon hour restrictions on Wednesday:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    set Wed=N
    for /l %%i in (18,1,%max%) do call :parse %%i
    if "%Wed%" EQU "N" goto end
    call jsiduser
    goto end
    :parse
    if "%Wed%" EQU "Y" goto end
    set lne=%1
    for /f "Tokens=2 Delims==" %%j in ('set line%lne%') do @set line=%%j
    if "%line:~29,1%" EQU "*" goto end
    If "%line:~29,3%" EQU "Wed" set Wed=Y
    :end


To report all active users with workstation restrictions who are allowed to log on to JSI006:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    if "%line13:~29,3%" EQU "All" goto end
    set Work=N
    REM A maximum of 8 workstations and a maximum computer name of 20 and up to 7 commas + 1 for good measure
    set worklist=%line13:~29,168%
    for /f "Tokens=1-8 Delims=, " %%i in ('@echo %worklist%') do call :parse %%i %%j %%k %%l %%m %%n %%o %%p
    if "%Work%" EQU "N" goto end
    call jsiduser
    goto end
    :parse
    :loop
    if {%1} EQU {} goto end
    set workstn=%1
    If /i "%workstn:~0,6%" EQU "JSI006" set Work=Y&goto end
    shift
    goto loop
    :end

To report all active accounts that haven't logged on in 30 days:

    @echo off
    If "%Final%" EQU "Y" goto end
    if "%actv%" EQU "N" goto end
    Call JSIDateM %XYY% %XMM% %XDD% - %NOWYY% %NOWMM% %NOWDD%
    If %NDD% GTR -30 goto end
    call jsiduser
    :end

To generate a sorted report of domain group membership, your Full_Path_To_YourBat.bat would contain:

    @echo off
    If "%Final%" EQU "Y" goto phase2
    if "%First%" EQU "N" goto phase1
    set First=N
    if exist %TEMP%\sortin.tmp del /q %TEMP%\sortin.tmp
    if exist %TEMP%\sortou.tmp del /q %TEMP%\sortou.tmp
    :phase1
    REM Phase 1 runs once per user and writes "group user" records to sortin.tmp
    if "%actv%" EQU "N" goto end
    If %max% LSS 19 goto end
    set Glob=N
    for /l %%i in (19,1,%max%) do call :parse %%i
    goto end
    :phase2
    REM Phase 2 runs on the final call: sort the records and print them by group
    sort %TEMP%\sortin.tmp /O %TEMP%\sortou.tmp
    del /q %TEMP%\sortin.tmp
    set pgrp= #
    set blank=                      #
    set spac=%blank:~0,20%
    for /f "Tokens=*" %%i in (%TEMP%\sortou.tmp) do call :report "%%i"
    del /q %TEMP%\sortou.tmp
    goto end
    :report
    set line=%1
    set line=%line:"=%
    if "%pgrp%" EQU "%line:~0,20%" goto detail
    set pgrp=%line:~0,20%
    @echo __________________________________________ >>%File%
    @echo                                          * >>%File%
    @echo %line%>>%File%
    goto end
    :detail
    set data=%line:~20,99%
    @echo %spac%%data%>>%File%
    goto end
    :parse
    set lne=%1
    for /f "Tokens=2 Delims==" %%j in ('set line%lne%') do @set line=%%j
    if "%line:~0,6%" EQU "Global" set Glob=Y
    If "%Glob%" EQU "N" goto end
    if not "%line:~29,1%" EQU "*" goto end
    set grp=%line:~30,20%                          #
    set group=%grp:~0,25%
    @echo %group% %UserAcnt% >>%TEMP%\sortin.tmp
    if not "%line:~51,1%" EQU "*" goto end
    set grp=%line:~52,20%                          #
    set group=%grp:~0,25%
    @echo %group% %UserAcnt% >>%TEMP%\sortin.tmp
    :end

The sorted report would look like:

    __________________________________________
                                             *
    Domain Admins             Administrator
                              Jerry
    __________________________________________
                                             *
    Domain Users              Administrator
                              Jennifer
                              Jerry
                              test
    __________________________________________
                                             *
    Enterprise Admins         Administrator
                              Jerry
    __________________________________________
                                             *
    Group Policy Creator      Administrator
    __________________________________________
                                             *
    Installers                Jerry
    __________________________________________
                                             *
    Schema Admins             Administrator
                              Jerry

NOTE: Other general routines include:

tip 0863 » Time Math.

tip 0721 » General purpose date math routine.