Yep it worked like a champ! Thanks Joe (bowing down again!) Alex
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, July 11, 2006 3:48 PM To: [email protected] Subject: RE: [ActiveDir] Account Password Expiration Tool This should do it oldcmp -report -users -bit -af "(useraccountcontrol:AND:=65536)" -sh If you want a listing of all accounts with that set you would add -age 0 You could also use adfind to get the info. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Tuesday, July 11, 2006 2:34 PM To: [email protected] Subject: [ActiveDir] Account Password Expiration Tool Do you know of any tools out there that would check for and list AD accounts whose "Password Never Expires" is checked and/or how old is a user's password; e.g. it would generate a report listing all accounts with password older than 90 days? The closest thing I can find is JoeWare's (bowing my head!) "FindExpAcc" tool with -pwd switch, but it only lists accounts with expired passwords. TIA Alex Alborzfard Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
