Well you use a calculation to determine if an account is locked or expired or has an expired password. The calculation to know if it is true or not is done at the client unless submitting a specific query making the DC look for that info/setting outright. ADUC is a bulk display tool, it isn't doing a special query, it just says return these objects. Just as it has to do the useraccountcontrol&2 logic to determine a locked state, it could do the same for determining the other items. Once the info is at the machine, the cpu cost is minimal.
Where it might be felt is when displaying thousands of users or more. But then, ADUC is not a good tool to use in that situation anyway. If I walked into a site and saw admins with thousands of users doing their main management from ADUC I would probably start twitching as I know they are probably making mistakes and definitely not doing the job the most efficient way. It is good, I guess, for the occasional viewing. In that case, possibly MS would want to consider using VLV for the views in ADUC if it is available from the DC. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 12, 2006 10:34 AM To: [email protected] Subject: RE: [ActiveDir] Expired Accounts As Dean has suggested, this is not possible if the attribute is calculated and not stored. "Expired password" is not stored but instead is calculated (by comparing the pw policy settings with the pwdlastSet attribute) If you need to determine which users have an expired pw, for example, you may create a script which performs the necessary calculation. neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: 12 January 2006 14:18 To: [email protected] Subject: RE: [ActiveDir] Expired Accounts I believe it would be helpful if different icons could be used for disabled accounts, expired account, expired password, etc. Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 12, 2006 7:51 AM To: [email protected] Subject: RE: [ActiveDir] Expired Accounts Philosophical question really. How do you want the GUI to present things to you. The developers or whomever wrote the spec for the developers didn't feel it should. You also have to ask if accounts with locked passwords should show up that way and define if you mean expired accounts or expired passwords on accounts and whether or not you would differentiate them in that marking. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Thursday, January 12, 2006 8:35 AM To: [email protected] Subject: [ActiveDir] Expired Accounts Shouldn't expired accounts show up with a red X just like a disabled account? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
