DirectorySearcher filter how to limit based on last 30 days


I am searching Active Directory for users in a specific OU. I am trying to get only the users that have logged on in the last 30 days.

My search filter Query is:

// NOTE(review): concatenating a DateTime puts its culture-formatted ToString() text into the filter.
// lastLogon holds a 64-bit file-time integer (the method further down decodes it with
// DateTime.FromFileTime), so the comparison value would be DateTime.Now.AddDays(-30).ToFileTime().
// NOTE(review): "<=" selects users whose last logon is at or before the cutoff; ">=" selects users
// seen within the last 30 days - confirm which set is wanted.
// NOTE(review): the group "((lastLogon...)(mail=*))" carries no &, | or ! operator; both conditions
// can sit directly under the outer "&".
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays(-30).Ticks) + ")(mail=*))";

I get the error "search filter is invalid". I have also used:

// "lastLogon=*" is a presence test: it matches any user that has a lastLogon value, whatever the date.
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon=*)(mail=*))";

That one gives no error.

I have modified the last logon as follows:

(lastLogon<=1)

I am calling a method that does this

public static DataTable GetADusers() { try { string ou = "OU";

            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, ou))
            {
                UserPrincipal user = new UserPrincipal(ctx);
                using (PrincipalSearcher ps = new PrincipalSearcher(user))
                {
                    DataTable results = new DataTable();

                    results.Columns.Add("DisplayName ");
                    results.Columns.Add("FirstName");
                    results.Columns.Add("Initial");
                    results.Columns.Add("LastName");
                    results.Columns.Add("mail");
                    results.Columns.Add("SamAccountName");
                    results.Columns.Add("DistinguishedName");
                    results.Columns.Add("lastLogon");

                    int count = 0;

                    int ctNull = 0;

                    foreach (Principal p in ps.FindAll())
                    {
                        UserPrincipal u = p as UserPrincipal;
                        if (u != null)
                        {
                            DirectoryEntry entry = (DirectoryEntry)p.GetUnderlyingObject();
                            DirectorySearcher search = new DirectorySearcher(entry);

                            string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays(-30).Ticks) + ")(mail=*))";

                            search.Filter = query;
                            search.PropertiesToLoad.Add("DisplayName");
                            search.PropertiesToLoad.Add("GivenName");
                            search.PropertiesToLoad.Add("Initials");
                            search.PropertiesToLoad.Add("sn");
                            search.PropertiesToLoad.Add("mail");
                            search.PropertiesToLoad.Add("SamAccountName");
                            search.PropertiesToLoad.Add("DistinguishedName");
                            search.PropertiesToLoad.Add("lastLogon");

                            SearchResultCollection mySearchResultColl = search.FindAll();

                            foreach (SearchResult sr in mySearchResultColl)
                            {
                                DataRow dr = results.NewRow();
                                DirectoryEntry de = sr.GetDirectoryEntry();
                                dr["EmployeeID"] = de.Properties["EmployeeID"].Value;
                                dr["DisplayName "] = de.Properties["DisplayName"].Value;
                                dr["FirstName"] = de.Properties["GivenName"].Value;
                                dr["Initial"] = de.Properties["Initials"].Value;
                                dr["LastName"] = de.Properties["sn"].Value;
                                dr["mail"] = de.Properties["mail"].Value;
                                dr["SamAccountName"] = de.Properties["SamAccountName"].Value;
                                dr["DistinguishedName"] = de.Properties["DistinguishedName"].Value;
                                //prepare for last logon
                                if (de.Properties["lastLogon"] != null && de.Properties["lastLogon"].Count > 0)
                                {
                                    Int64 lastLogonThisServer = new Int64();
                                    IADsLargeInteger lgInt = (IADsLargeInteger)de.Properties["lastLogon"].Value;
                                    lastLogonThisServer = ((long)lgInt.HighPart << 32) + lgInt.LowPart;
                                    dr["lastLogon"] = DateTime.FromFileTime(lastLogonThisServer).ToString();
                                }
                                else
                                {
                                    dr["lastLogon"] = DateTime.MinValue.ToString();
                                    ctNull++;
                                }

                                results.Rows.Add(dr);
                                count++;

                            }

                        }
                    }
                    Console.WriteLine(count);
                    Console.WriteLine("


1 Answer


You query by the whenCreated attribute. Something like this:

(&(objectClass)(whenCreated<=20181005000000.0Z))

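That would find accounts created more than a month before today. Note that whenCreated records when the account was created, not when it last logged on; a last-logon cutoff would instead compare lastLogon (per domain controller, not replicated) or lastLogonTimestamp (replicated, but only updated periodically) against a file-time integer. Of course, you will need to construct that date. The format is this: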

yyyyMMddhhmmss.sZ

It must always end with Z.
