Solved

Active Directory Query

Posted on 2009-07-08
4
268 Views
Last Modified: 2012-05-07
I need to have someone explain to me how I can create a query in Windows 2003 AD that will allow me to query for user accounts that have no Account expiration date.  I tried the query wizard but could not find a selection with this account field for the descriptor.

0
Comment
Question by:rcaaron78
  • 2
4 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24803335

Hey,

A custom search should do it. You're using AD Users and Computers for this?

The trick is, AccountExpires, the attribute behind the named box has an odd value if the account never expires.

So, give this a try in the Custom Search, Advanced box:

(&(objectClass=user)(objectCategory=person)(accountExpires=9223372036854775807))

It should give you every user account which doesn't expire.

Chris
0
 
LVL 7

Expert Comment

by:mchkorg
ID: 24811652
If you can use powershell - to automate the job once it's running fine

- install the powershell Quest's extensions - http://www.quest.com/powershell/
- adapt this powershell script and run it with an account having domain admin right

(if you run it "as this", it'll create a .CSV file with many fields you might not want)

At the end, call it from a .bat file, schedule it in windows

'hope it helps

Add-PSSnapin Quest.ActiveRoles.ADManagement
 
 
# ADAPT THIS:
$OU="OU=Userss,DC=yourcompany,DC=com"
 
$users = Get-QADUser -SearchRoot $OU -IncludedProperties "lastLogonTimestamp"
 
@(foreach($user in $users)
{
 
    $user | Select-Object parentContainer,DisplayName, LastLogonTimestamp,samaccountname,mail,accountexpires, `
    passwordLastSet, passwordExpires, accountIsDisabled, accountIsLockedOut, passwordNeverExpires, `
    userMustchangePassword
}) | export-Csv AD_lastlogon.csv -noType -encoding UTF8

Open in new window

0
 

Author Closing Comment

by:rcaaron78
ID: 31601055
Your solution was the correct query to ask, but the value that you gave only yielded about 10% of the affected users.  By changing this value to 0, I was able to get the query to return every user affected except one.  
0
 

Author Comment

by:rcaaron78
ID: 24860871
Chris,

I forgot to thank you for the solution.  For the most part, it worked great!  Take care.

Richard Aaron
Network Analyst
DRS TSI
Baghdad, Iraq
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question