Pardon my ignorance, but I have one more question: where do I get a list of all of user or computer object attributes and values as it was used in "(useraccountcontrol:AND:=65536)"? For instance if I want to enumerate all the user accounts with User Must Change Password at Next Logon" or computers that are running WIN2K PRO.
Also I noticed the OU exclusion switch (-excldn) did not work in the case of multiple OUs. Is it perhaps because they had space in their names? TIA Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, July 11, 2006 3:48 PM To: [email protected] Subject: RE: [ActiveDir] Account Password Expiration Tool This should do it oldcmp -report -users -bit -af "(useraccountcontrol:AND:=65536)" -sh If you want a listing of all accounts with that set you would add -age 0 You could also use adfind to get the info. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Tuesday, July 11, 2006 2:34 PM To: [email protected] Subject: [ActiveDir] Account Password Expiration Tool Do you know of any tools out there that would check for and list AD accounts whose "Password Never Expires" is checked and/or how old is a user's password; e.g. it would generate a report listing all accounts with password older than 90 days? The closest thing I can find is JoeWare's (bowing my head!) "FindExpAcc" tool with -pwd switch, but it only lists accounts with expired passwords. TIA Alex Alborzfard Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
