Solved

DSQUERY a group for expiring passwords

Posted on 2009-05-03
5
2,334 Views
Last Modified: 2013-12-19
I am trying to figure our how to use DSQUERY to query users accounts who will expire within a certian timeframe from a specific group. I can successfully use dsquery user -stalepwd 55 for example but this queries all users in AD.

How can I use this to check a specific group of users only? I tried playing arounf with the dsquery group command but cannot seem to get it right.
0
Comment
Question by:FphcareEnginner
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24292669
Are you trying to query users in a "group" or an "ou"?
0
 

Author Comment

by:FphcareEnginner
ID: 24292776
I am trying to dsquery users in a group. Basically, i want to see when our OWA users are near to expiry.
0
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24292821
I cannot find anything about piping a dsquery -stalepwd into a dsget group.

but i would suggest using dsget group "groupDN" -members and using csvde to export them to a csv file.

then use csvde to import them and run a dsquery on the file.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24293365

I would suggest a much easier tool to do this than dsquery. Download the memberOf tool from Active Directory MVP Joe: http://www.joeware.net/freetools/tools/memberof/index.htm.

Extract the contents, then at a command line, use the command:

FindExpAcc -pwd -days 55 -f "(&(objectClass=User)(memberOf=% DN of the Security Group %))"

That will return all the users in the security group specified who will have a password expiring in 55 days or less.

If you need a quick way to find out the DN of the security group, download ADFind (from the same site): http://www.joeware.net/freetools/tools/adfind/index.htm. Extract the tool then run

adfind -sc g:Name of Group

The first line of the output will be the DN which you can then use in the FindExpAcc command.

-Matt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24299305

Hey,

I think my solution did what you needed. Was there therefore any reason for the 'B' grade?
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

"Disruption" is the most feared word for C-level executives these days. They agonize over their industry being disturbed by another player - most likely by startups.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now