Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

ADUC

In ADUC, if I run a query, i.e. non expiring passwords. If the account is returned with a white cross in a red circle to the left of the username, does that mean the account is disabled? or something else?
0
pma111
Asked:
pma111
  • 4
  • 3
1 Solution
 
Stelian StanNetwork AdministratorCommented:
YES that means that the account is disabled.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Yes, it is disabled manually or by script (initiated by administrator). But remember, disable doesn't mean locked :)

Regards,
Krzysztof
0
 
pma111Author Commented:
iSiek, please clarify your comment?

Also, in ADUC how can I do a query that just lists active (i.e. non disabled account) that have passwords that dont expire?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Krzysztof PytkoActive Directory EngineerCommented:
Wait a sec, please :)
0
 
pma111Author Commented:
Ok...
0
 
Krzysztof PytkoActive Directory EngineerCommented:
OK, check this doc I attached :)

I would suggest for that

DS Tools (dsquery) or Quest PowerShell cmd-lets

Much better.

Krzysztof
LDAP-query.pdf
0
 
pma111Author Commented:
Thanks will use your query.

When you said disabled doesnt mean locked, what did you mean.

As I understood it only an adminisrtator can re-enable a disabled account, a standard user couldnt, so disabled means disabled as far as the user is concerned, they couldnt use the account unless the admin un froze it, could they?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Locked account means that user typed few times his password incorrect. Then account is locked and administrator needs to unlock it to be able to log on.

Disabled account means that administrator disabled it because user left company or is on long holidays. Even I know its password, I cannot login.

Yes, administrator only can disable/enable accounts

Krzysztof
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now