samiam41 asked:

Using LDAP syntax to find disabled user account

Hi Experts. I am using the saved queries option in ADUC (AD Users and Computers) and wasn't sure what the LDAP syntax is for finding the disabled user accounts in my OU. I have been looking around the web for an hour or so and see some examples, but I can't seem to make one work. Thanks for the help.
ASKER CERTIFIED SOLUTION
Pber
This solution is only available to members.
There is also a built-in query within Saved Queries. Just select Define Query and on the User tab just check Disabled accounts. Or you can use the custom query above.
ASKER

smart@ss for making it look so easy.  : )

Awesome job!  Thanks for the help.  

I was trying to combine two searches at once and I guess that wasn't such a good idea.  I will resort to doing one at a time.  I like your LDAP entry.
Heh Heh,

Glad to help.
Take care!

-Aaron
What two queries are you trying to join?
Good question!

Query 1) The pre-Windows 2000 logon name <this is for the user accounts we had before merging> and 2) trying to find out which accounts were disabled.  I figured I would try to get the list of user accounts and the ones that were disabled would be included.  I'm sure I dorked something up in the process.
If you know how, I will create a new question and have you answer.
The Pre-Windows 2000 logon name attribute is "sAMAccountName".
All accounts will have one, even non migrated accounts.

Thus to find disabled accounts with a prefix of "ADC_" the query would be:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(sAMAccountName=ADC_*)
Don't worry about a new question.
Whoops, that was missing a trailing bracket:

Try this:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(sAMAccountName=ADC_*))
You're awesome!  Wish I would have posted that sooner and saved the frustration.  You sure about the points for a new question?  As I get more involved with the AD management (everyone that was doing it is gone, so I have a little learning curve), I am sure I will be asking more questions.  

I will try out the query you posted.
Once again.  Glad to help.  

I never mind posting follow-ups to a question.
Don't worry about a new question, I don't need the points.
(:
I tried out the query and it produced "no results".  It didn't even list the people with the pre-Windows 2000 login.  I was hoping it would list all the users in the OU and include the accounts that were disabled but nothing showed up.
This will list all disabled users whose pre-Windows 2000 logon name starts with ADC_:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(sAMAccountName=ADC_*))

This will list all enabled users whose pre-Windows 2000 logon name starts with ADC_:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=ADC_*))

What do you want to list?  Just all users within an OU?
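
Added example, not part of the original thread and not any poster's code: a small Python evaluator for the filter subset used in this thread, showing how the 1.2.840.113556.1.4.803 bitwise-AND rule picks out the disabled bit of userAccountControl and how an unbalanced bracket is rejected. The directory entries and the names parse, matches, search, USERS and DISABLED_ADC are constructed for illustration, and objectCategory is stored in its short form rather than as the schema DN.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: every bit of the value must be set

def parse(f, i=0):  # returns (node, index just past the filter that starts at f[i])
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    else:
        end = f.find(")", i)
        m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.+)", f[i:max(end, i)])
        if not m:
            raise ValueError(f"bad filter item at position {i}")
        node, i = ("item",) + m.groups(), end
    if f[i:i + 1] != ")":
        raise ValueError(f"missing ')' at position {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not all(matches(k, entry) for k in node[1])
    _, attr, rule, want = node
    have = str(entry.get(attr.lower(), ""))  # a missing attribute never matches
    if rule == BIT_AND:
        return have.isdigit() and int(have) & int(want) == int(want)
    if want.endswith("*"):  # only the trailing-wildcard (prefix) form is handled
        return bool(have) and have.lower().startswith(want[:-1].lower())
    return have.lower() == want.lower()

def search(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError(f"unexpected text at position {end}")
    return [e["samaccountname"] for e in entries if matches(node, e)]

# Constructed entries: 512 = normal account, +2 = ACCOUNTDISABLE, +65536 = password never expires
USERS = [dict(objectcategory="person", objectclass="user", samaccountname=n, useraccountcontrol=u)
         for n, u in (("ADC_jdoe", 514), ("ADC_asmith", 512), ("bwayne", 514), ("ADC_svc", 66050))]
DISABLED_ADC = ("(&(objectCategory=person)(objectClass=user)"
                "(userAccountControl:1.2.840.113556.1.4.803:=2)(sAMAccountName=ADC_*))")

if __name__ == "__main__":
    print(search(DISABLED_ADC, USERS))
```

The bitwise rule returns both ADC_jdoe (514) and ADC_svc (66050), whereas an equality test on userAccountControl=514 would miss ADC_svc because other flag bits are also set on that account.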