什么ldap查询返回现在从active-directory中删除的用户对象?

时间:2022-01-13 02:57:32

Is there a ldap query that will return or list user objects that have been removed from the active-directory system? Must you track all the user objects currently in the active-directory, and maintain a "last seen" stamp in order to tell when a user object has been removed from the active-directory?

是否有一个ldap查询将返回或列出已从活动目录系统中删除的用户对象?您是否必须跟踪当前在活动目录中的所有用户对象,并维护“上次看到”的标记,以便告知用户对象何时从活动目录中删除?

1 个解决方案

#1


I really don't believe that this information is obtainable. In the next version of the OS (Windows 2008 R2), Microsoft is introducing the ability to do this by implementing a recycle bin like functionality for and Active Directory object. Please see these write ups for more info: http://blogs.technet.com/niraj_kumar/archive/2009/02/03/new-feature-active-directory-recycle-bin-in-windows-2008-r2.aspx http://technet.microsoft.com/en-us/library/dd392261.aspx

我真的不相信这些信息是可以获得的。在下一版本的操作系统(Windows 2008 R2)中,Microsoft通过实现类似于Active Directory对象的功能的回收站来引入此功能。有关详细信息,请参阅这些文章:http://blogs.technet.com/niraj_kumar/archive/2009/02/03/new-feature-active-directory-recycle-bin-in-windows-2008-r2.aspx http://technet.microsoft.com/en-us/library/dd392261.aspx

But you may see that this is in reference to the deletion of the object itself, and that it doesn't provide any information about when a property of the object changes. You can look at the last modified property but even then you have no way of knowing which property changed (more then likely it will be the last logon), so again your left with no help. If your trying to track a issue that is occurring which you can recreate, I recommend that create some sort of script/code which record the properties of a specific user at a given interval, and then just keep running it as you move from one step to the other i the recreation of the problem.

但是您可能会看到这是对对象本身的删除,并且它没有提供有关对象属性何时更改的任何信息。您可以查看最后修改过的属性,但即使这样,您也无法知道哪个属性发生了更改(更可能是最后一次登录),所以再次左侧没有任何帮助。如果您尝试跟踪可以重新创建的问题,我建议创建某种脚本/代码,以给定的间隔记录特定用户的属性,然后在从一步移动时继续运行它对另一个我重新解决问题。

#1


I really don't believe that this information is obtainable. In the next version of the OS (Windows 2008 R2), Microsoft is introducing the ability to do this by implementing a recycle bin like functionality for and Active Directory object. Please see these write ups for more info: http://blogs.technet.com/niraj_kumar/archive/2009/02/03/new-feature-active-directory-recycle-bin-in-windows-2008-r2.aspx http://technet.microsoft.com/en-us/library/dd392261.aspx

我真的不相信这些信息是可以获得的。在下一版本的操作系统(Windows 2008 R2)中,Microsoft通过实现类似于Active Directory对象的功能的回收站来引入此功能。有关详细信息,请参阅这些文章:http://blogs.technet.com/niraj_kumar/archive/2009/02/03/new-feature-active-directory-recycle-bin-in-windows-2008-r2.aspx http://technet.microsoft.com/en-us/library/dd392261.aspx

But you may see that this is in reference to the deletion of the object itself, and that it doesn't provide any information about when a property of the object changes. You can look at the last modified property but even then you have no way of knowing which property changed (more then likely it will be the last logon), so again your left with no help. If your trying to track a issue that is occurring which you can recreate, I recommend that create some sort of script/code which record the properties of a specific user at a given interval, and then just keep running it as you move from one step to the other i the recreation of the problem.

但是您可能会看到这是对对象本身的删除,并且它没有提供有关对象属性何时更改的任何信息。您可以查看最后修改过的属性,但即使这样,您也无法知道哪个属性发生了更改(更可能是最后一次登录),所以再次左侧没有任何帮助。如果您尝试跟踪可以重新创建的问题,我建议创建某种脚本/代码,以给定的间隔记录特定用户的属性,然后在从一步移动时继续运行它对另一个我重新解决问题。