ashaheed
asked on
Search for Users with Published Certificates in AD
Does anyone know how to find all users in AD with published certificates? My org needs to know so that we can start disabling those accounts that do not contain a certificate. The published certificates cannot be seen unless you check 'advanced options' in AD Users and Computers. But when I want to do a search under AD I cannot use that field to search. Any clues? Thanks guys!
ASKER
This is great. I downloaded the tool from the site you mentioned and it does what I want except I need to export this somehow in a report. The screen just keeps scrolling and scrolling with tons of info. Is there any way to export it into a manageable form (.xls, .csv, .txt)?
Thanks again!
If you want to query directly in ADUC, create a custom query entering the following under Advanced > Enter LDAP query or you can rename the attached txt file to .XML, import under Saved Queries and reset the OU:
(&(&(&(&(objectCategory=person)(objectClass=user)(!userCertificate=*)))))
NoCerts.txt
adfind -default -f "(&(objectclass=user)(obje
tificate=*))"
To find users who -don't- have certificates, simply put a ! in front of userCertificate, like so:
adfind -default -f "(&(objectclass=user)(obje
tificate=*))"
HTH
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
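
One way to produce the CSV report asked for in the thread, using the same `userCertificate` presence test. This is an added example, not code from any post here; it assumes the ActiveDirectory PowerShell module (RSAT) and PowerShell 5 or later, and the function name and output file names are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-PublishedCertReport {   # hypothetical helper name
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        [switch]$WithoutCertificate   # list users with no published certificate
    )
    # Presence test on userCertificate, negated for the "no certificate" report.
    $certTest = if ($WithoutCertificate) { '(!(userCertificate=*))' } else { '(userCertificate=*)' }
    $filter   = "(&(objectCategory=person)(objectClass=user)$certTest)"

    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -Properties userCertificate |
        ForEach-Object {
            $user = $_
            $row  = [ordered]@{
                SamAccountName    = $user.SamAccountName
                Enabled           = $user.Enabled
                DistinguishedName = $user.DistinguishedName
                CertCount         = @($user.userCertificate).Count
                Subject = $null; Issuer = $null; NotAfter = $null; Expired = $null; Thumbprint = $null
            }
            if ($row.CertCount -eq 0) { return [pscustomobject]$row }   # next user

            # One row per published certificate, so expired entries stand out.
            foreach ($raw in $user.userCertificate) {
                $r = [ordered]@{} + $row
                try {
                    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
                    $r.Subject    = $cert.Subject
                    $r.Issuer     = $cert.Issuer
                    $r.NotAfter   = $cert.NotAfter
                    $r.Expired    = ($cert.NotAfter -lt (Get-Date))
                    $r.Thumbprint = $cert.Thumbprint
                } catch {
                    $r.Subject = 'UNPARSEABLE BLOB'   # value in the attribute is not a valid certificate
                }
                [pscustomobject]$r
            }
        }
}

# Output file names are assumptions; both reports open directly in Excel.
Get-PublishedCertReport | Export-Csv -Path .\UsersWithCerts.csv -NoTypeInformation
Get-PublishedCertReport -WithoutCertificate | Export-Csv -Path .\UsersWithoutCerts.csv -NoTypeInformation
```

Before disabling accounts from the second file, check the first one for users whose only published certificates are expired, since the LDAP filter only tests that the attribute has a value.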