Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DSQUERY a group for expiring passwords

Posted on 2009-05-03
5
Medium Priority
?
2,418 Views
Last Modified: 2013-12-19
I am trying to figure our how to use DSQUERY to query users accounts who will expire within a certian timeframe from a specific group. I can successfully use dsquery user -stalepwd 55 for example but this queries all users in AD.

How can I use this to check a specific group of users only? I tried playing arounf with the dsquery group command but cannot seem to get it right.
0
Comment
Question by:FphcareEnginner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24292669
Are you trying to query users in a "group" or an "ou"?
0
 

Author Comment

by:FphcareEnginner
ID: 24292776
I am trying to dsquery users in a group. Basically, i want to see when our OWA users are near to expiry.
0
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24292821
I cannot find anything about piping a dsquery -stalepwd into a dsget group.

but i would suggest using dsget group "groupDN" -members and using csvde to export them to a csv file.

then use csvde to import them and run a dsquery on the file.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 750 total points
ID: 24293365

I would suggest a much easier tool to do this than dsquery. Download the memberOf tool from Active Directory MVP Joe: http://www.joeware.net/freetools/tools/memberof/index.htm.

Extract the contents, then at a command line, use the command:

FindExpAcc -pwd -days 55 -f "(&(objectClass=User)(memberOf=% DN of the Security Group %))"

That will return all the users in the security group specified who will have a password expiring in 55 days or less.

If you need a quick way to find out the DN of the security group, download ADFind (from the same site): http://www.joeware.net/freetools/tools/adfind/index.htm. Extract the tool then run

adfind -sc g:Name of Group

The first line of the output will be the DN which you can then use in the FindExpAcc command.

-Matt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24299305

Hey,

I think my solution did what you needed. Was there therefore any reason for the 'B' grade?
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes has been used since a very long time as an e-mail client and is very popular because of it's unmatched security. In this article we are going to learn about  RRV Bucket corruption and understand various methods to Fix "RRV Bucket Corrupt…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question