Solved

Active Directory Query

Posted on 2009-07-08
4
282 Views
Last Modified: 2012-05-07
I need to have someone explain to me how I can create a query in Windows 2003 AD that will allow me to query for user accounts that have no Account expiration date.  I tried the query wizard but could not find a selection with this account field for the descriptor.

0
Comment
Question by:rcaaron78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24803335

Hey,

A custom search should do it. You're using AD Users and Computers for this?

The trick is, AccountExpires, the attribute behind the named box has an odd value if the account never expires.

So, give this a try in the Custom Search, Advanced box:

(&(objectClass=user)(objectCategory=person)(accountExpires=9223372036854775807))

It should give you every user account which doesn't expire.

Chris
0
 
LVL 7

Expert Comment

by:mchkorg
ID: 24811652
If you can use powershell - to automate the job once it's running fine

- install the powershell Quest's extensions - http://www.quest.com/powershell/
- adapt this powershell script and run it with an account having domain admin right

(if you run it "as this", it'll create a .CSV file with many fields you might not want)

At the end, call it from a .bat file, schedule it in windows

'hope it helps

Add-PSSnapin Quest.ActiveRoles.ADManagement
 
 
# ADAPT THIS:
$OU="OU=Userss,DC=yourcompany,DC=com"
 
$users = Get-QADUser -SearchRoot $OU -IncludedProperties "lastLogonTimestamp"
 
@(foreach($user in $users)
{
 
    $user | Select-Object parentContainer,DisplayName, LastLogonTimestamp,samaccountname,mail,accountexpires, `
    passwordLastSet, passwordExpires, accountIsDisabled, accountIsLockedOut, passwordNeverExpires, `
    userMustchangePassword
}) | export-Csv AD_lastlogon.csv -noType -encoding UTF8

Open in new window

0
 

Author Closing Comment

by:rcaaron78
ID: 31601055
Your solution was the correct query to ask, but the value that you gave only yielded about 10% of the affected users.  By changing this value to 0, I was able to get the query to return every user affected except one.  
0
 

Author Comment

by:rcaaron78
ID: 24860871
Chris,

I forgot to thank you for the solution.  For the most part, it worked great!  Take care.

Richard Aaron
Network Analyst
DRS TSI
Baghdad, Iraq
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question