Doh... Thanks Mike! But after running it, I got the following error: "ldap_get_next_page_s: [domaincontroller.xyz.com] Error 0x1 (1) - Operations Error"
Does it require Domain Admins privileges? Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Tuesday, July 11, 2006 3:06 PM To: [email protected] Subject: RE: [ActiveDir] Account Password Expiration Tool joe's tools again ( 8-) ): adfind -b ou=Employees,dc=xyz,dc=com -bit -f "&((objectcategory=person)(useraccountcontrol:AND:=65536))" samaccountname > c:\temp\pw_never_expires.txt Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Tuesday, July 11, 2006 1:34 PM To: [email protected] Subject: [ActiveDir] Account Password Expiration Tool Do you know of any tools out there that would check for and list AD accounts whose "Password Never Expires" is checked and/or how old is a user's password; e.g. it would generate a report listing all accounts with password older than 90 days? The closest thing I can find is JoeWare's (bowing my head!) "FindExpAcc" tool with -pwd switch, but it only lists accounts with expired passwords. TIA Alex Alborzfard Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
