
Active Directory Query

I need to have someone explain to me how I can create a query in Windows 2003 AD that will allow me to query for user accounts that have no Account expiration date.  I tried the query wizard but could not find a selection with this account field for the descriptor.

Asked by: rcaaron78

Chris Dent (PowerShell Developer) Commented:

Hey,

A custom search should do it. You're using AD Users and Computers for this?

The trick is that AccountExpires, the attribute behind the named box, has an odd value if the account never expires.

So, give this a try in the Custom Search, Advanced box:

(&(objectClass=user)(objectCategory=person)(accountExpires=9223372036854775807))

It should give you every user account which doesn't expire.

Chris
 
mchkorg Commented:
If you can use PowerShell - to automate the job once it's running fine

- install Quest's PowerShell extensions - http://www.quest.com/powershell/
- adapt this PowerShell script and run it with an account having domain admin rights

(if you run it "as this", it'll create a .CSV file with many fields you might not want)

At the end, call it from a .bat file and schedule it in Windows

Hope it helps

Add-PSSnapin Quest.ActiveRoles.ADManagement
 
 
# ADAPT THIS:
$OU="OU=Userss,DC=yourcompany,DC=com"
 
$users = Get-QADUser -SearchRoot $OU -IncludedProperties "lastLogonTimestamp"
 
@(foreach($user in $users)
{
 
    $user | Select-Object parentContainer,DisplayName, LastLogonTimestamp,samaccountname,mail,accountexpires, `
    passwordLastSet, passwordExpires, accountIsDisabled, accountIsLockedOut, passwordNeverExpires, `
    userMustchangePassword
}) | export-Csv AD_lastlogon.csv -noType -encoding UTF8

 
rcaaron78 (Author) Commented:
Your solution was the correct query to ask, but the value that you gave only yielded about 10% of the affected users.  By changing this value to 0, I was able to get the query to return every user affected except one.  
 
rcaaron78 (Author) Commented:
Chris,

I forgot to thank you for the solution.  For the most part, it worked great!  Take care.

Richard Aaron
Network Analyst
DRS TSI
Baghdad, Iraq
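Both values seen in this thread, 9223372036854775807 and 0, are stored in accountExpires for an account that never expires, so an audit should match either one. The following is an added example, not code posted by any participant: the function name Get-AccountExpiryState is hypothetical and the sample records are constructed.

```powershell
# Added example, not from the thread. Sample records below are constructed.
# accountExpires counts 100 ns intervals since 1601-01-01 UTC (FILETIME).
# Two sentinel values both mean "never expires": 0 and 0x7FFFFFFFFFFFFFFF.
$NeverValues = @([Int64]0, [Int64]::MaxValue)   # MaxValue = 9223372036854775807

# One LDAP filter that matches either sentinel (OR inside the AND).
$NeverExpiresFilter = '(&(objectCategory=person)(objectClass=user)' +
    '(|(accountExpires=0)(accountExpires=9223372036854775807)))'

function Get-AccountExpiryState {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][Int64]$AccountExpires)

    # Check the sentinels first: FromFileTimeUtc throws on Int64.MaxValue
    # because it lies beyond DateTime.MaxValue.
    if ($NeverValues -contains $AccountExpires) {
        return New-Object PSObject -Property @{ State = 'Never'; ExpiresUtc = $null }
    }
    $when  = [DateTime]::FromFileTimeUtc($AccountExpires)
    $state = if ($when -lt [DateTime]::UtcNow) { 'Expired' } else { 'Expires' }
    New-Object PSObject -Property @{ State = $state; ExpiresUtc = $when }
}

# Constructed sample data standing in for directory results.
$utc = [DateTimeKind]::Utc
$sample = @(
    @{ Name = 'alice'; AccountExpires = [Int64]0 },
    @{ Name = 'bob';   AccountExpires = [Int64]::MaxValue },
    @{ Name = 'carol'; AccountExpires = (New-Object DateTime 2009,1,1,0,0,0,$utc).ToFileTimeUtc() },
    @{ Name = 'dave';  AccountExpires = (New-Object DateTime 2099,1,1,0,0,0,$utc).ToFileTimeUtc() }
)

foreach ($u in $sample) {
    $r = Get-AccountExpiryState -AccountExpires $u.AccountExpires
    '{0,-6} {1,-8} {2}' -f $u.Name, $r.State, $r.ExpiresUtc
}

# Against a live domain (requires a domain-joined host), the same filter
# can be run without extra modules:
#   ([adsisearcher]$NeverExpiresFilter).FindAll()
```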
