I didn't catch it because I didn't bother enough to read the adfind syntax. If you'd provided a standard LDAP-Filter with DSQuery ...
;-) Gruesse - Sincerely, Ulf B. Simon-Weidner Profile & Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Friday, May 19, 2006 9:41 PM >To: [email protected] >Subject: RE: [ActiveDir] OldCmp question > >I just realized I told you how to INCLUDE disabled accounts - >you want NOT DISABLED accounts. So you want to NOT what I >indicated, however you have to add to it to avoid a false positive. > >-af "(&(useraccountcontrol=*)(!(useraccountcontrol:AND:=2)))" > > >One thing to note with NOT filters... Well two actually... > >1. NOT filters are inefficient. But then so are bitwise >filters. ;o) 2. NOT filters can have false positives. An >account could have the value set that you are trying to avoid >but if the account trying to access the info doesn't have the >access to see that value, it will be still be returned. >This is why the extra useraccountcontrol=* in the filter. > >The list is sleeping, they should have been all over me on >that dork up. ><eg> > > >Too late now Al, Dean and Deji.... Princess, don't worry I >will explain it to you next time I see you. ;o) > > > joe > >------ >I am 78% Evil Genius > >I am pure evil. I lie awake at night devising schemes of world >domination, and I will not rest until all living souls bend to my will. > >Take the Evil Genius Test at fuali.com > > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Friday, May 19, 2006 11:41 AM >To: [email protected] >Subject: RE: [ActiveDir] OldCmp question > >Disabled accounts are marked by having bit 1 list on >userAccountControl (value 2) > >To exclude them you want -af "useraccountcontrol:AND:=2" and -bit > > >I just realized I have an -onlydisabled switch, I should add a >-onlynotdisabled I guess... > > > >-- >O'Reilly Active Directory Third Edition - >http://www.joeware.net/win/ad3e.htm > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of >Rimmerman, Russ >Sent: Friday, May 19, 2006 11:25 AM >To: [email protected] >Subject: [ActiveDir] OldCmp question > >Anyone know a way to easibly filter out disabled accounts from >the oldcmp -users report? Would one have to use some sort of >bitwise filter from a translation of a useraccountcontrol >66048 value or something? > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >This e-mail is confidential, may contain proprietary >information of Cameron and its operating Divisions and may be >confidential or privileged. > >This e-mail should be read, copied, disseminated and/or used >only by the addressee. If you have received this message in >error please delete it, together with any attachments, from >your system. >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
