514 isn't the only value if its disabled. Remember it's a bitmask ... 514 = 512 OR 2. I once found a tutorial on how to do bitwise arithemetic in Excel to figure out if accounts were disabled - you'd AND the userAccountControl column with 2 and if it was true it's disabled.
Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Mike Newell > Sent: Wednesday, September 20, 2006 11:48 AM > To: [email protected] > Subject: RE: [ActiveDir] AD Reporting Tool? > > At the risk of sounding like a one trick pony, I'd have to go with > adfind from www.joeware.net. > > adfind -default -nodn -csv -f "(&(objectCategory=person)(objectclass= > user))" cn memberof useraccountcontrol > filename.csv > > You can clean it up in excel in just a few minutes (sort by CN, wrap the > memberof, find and replace useraccountcontrol EG: replace 512 with > normal user, 514 with disabled, etc. Look up the values here > http://support.microsoft.com/kb/305144/ Or, better yet, leave it with > the numeric values and hand them a printed copy of that article along > with the report and let the auditors figure it out. Should keep them > busy for a while;-) > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers > Sent: Wednesday, September 20, 2006 8:34 AM > To: [email protected] > Subject: [ActiveDir] AD Reporting Tool? > > Our auditors, for the first time, now suddenly want a report of all our > users in AD, what groups they are in, and if the account is disabled or > not. Is there a tool that I can get up to speed on quickly (today if > possible), run it against our AD, and get this report for them? > > Thanks in advance, folks. > > -- > Larry Wahlers > Concordia Technologies > The Lutheran Church - Missouri Synod > mailto:[EMAIL PROTECTED] > direct office line: (314) 996-1876 > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > > This message and any attachments (the "Message") may contain confidential, > proprietary and/or privileged information and are only for their intended > recipient(s). If you are not the intended recipient, you should notify the > sender and delete the Message. E-mail transmissions cannot be guaranteed to be > secure or error-free. This Message is provided for information purposes and > should not be construed as a solicitation or offer to buy or sell any > securities or financial instruments, or to provide investment advice in any > jurisdiction where the sender is not properly licensed or permitted to do so. > This Message is subject to additional conditions and restrictions. Please > read them here: http://legal.dimensional.com/email/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
