Solved

non expiring and enabled/disabled in ADUC

Posted on 2014-02-11
6
563 Views
Last Modified: 2014-02-20
is there anyway in ad users and computers to run a report of all users who have non-expiring password, and also their account status, i.e. enabled or disabled?
0
Comment
Question by:pma111
6 Comments
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 39849743
This script can help you to find all the none expired passwords:

http://gallery.technet.microsoft.com/scriptcenter/Know-All-User-Accounts-in-721c81f3
0
 
LVL 3

Author Comment

by:pma111
ID: 39849746
i dont want to use a script i want to use aduc, thanks.
0
 
LVL 11

Accepted Solution

by:
Manjunath Sullad earned 500 total points
ID: 39849795
open ADUC and do the following.

Right-click Saved Queries and click the New-Query option
Type in a name for your saved query, such as Find all Non expiring PW Users
Click the Define Query button
Under the Find drop-down list, select Custom Search
Click the Advanced tab
Type in (objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
Click the OK button to save the custom entry, then click on the OK button to save the query
Now you should see all users with the flage pw never expires

Click the Export List button from the top of the ADUC windows and save to txt file.



Refer : http://social.technet.microsoft.com/Forums/windowsserver/en-US/e979eb85-8269-4004-bc71-18d9b49d4416/how-to-check-list-users-in-my-ad-configured-with-password-never-expires?forum=winserverDS
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Author Comment

by:pma111
ID: 39849797
will this list account status i.e. enabled/disabled?
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39849817
You need to export disabled user list seperately, then compare with password never expiry list.

Refer below link to export disabled user list.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/074e3391-000d-4713-a495-ad743c2f11e3/active-directory-users-and-computers?forum=winservergen


Export these two list to excel and compare these list, You will get Password never expiry with account disabled / enabled user list.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39849976
You could use Bulk AD users Freeware tool from Wise soft

There is option called properties to load where you can put whatever attributes you are looking and then export this list to csv file

The search scope can be entire domain, OU or simply users list if you already have

To check account status add userAccountControl attribute and to check if it is having non expiring password add accountExpires

Tool can be run on any server \ client OS from 2003 and do not require PowerShell

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx

Mahesh
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now