RE : RE: [ActiveDir] finding users that password never expire.

Mon, 09 Oct 2006 11:30:00 -0700

Yes !  thanks, that works so well !! :o)
 
But many questions i have..
What is the difference between the query "userAccountControl=65536" and "(userAccountControl:1.2.840.113556.1.4.803:=65536)" ?
Why couldn(t i find any results with my first query ?
And how do you construct the ":1.2.840.113556.1.4.803:" part of the ldap query  ??
 
Thanks for your answer :)
 
Yann


"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> a écrit :
to search for accounts that HAVE the option "DONT_EXPIRE_PASSWORD" enabled
ADFIND -bit -default -f "(&(objectCategory=person)(objectClass=user)(userAccountControl:AND:=65536))"
 
and to use it with a saved query use as the LDAP filter:
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
 
with joe's ADFIND you can just specify AND or OR without the need to know the OID
OR is by the way: 1.2.840.113556.1.4.804
 
for the other values see:
MS-KBQ305144_How to Use the UserAccountControl Flags to Manipulate User Account Properties
 
jorge
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yann
Sent: Monday, October 09, 2006 17:44
To: [email protected]
Subject: [ActiveDir] finding users that password never expire.

Hello all,
 
I had to do dump in AD all users whose password never expires.
I used the saved queries with this custom ldap query :
useraccountcontrol=66048 which corresponds to NORMAL_ACCOUNT & DONT_EXPIRE_PASSWORD properties flag.
BUT i found that this search was not complete, because some users have other properties flag such as
UF_ACCOUNTDISABLE | UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD or UF_ACCOUNTDISABLE | UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD | UF_NOT_DELEGATED ... :(
 
So the question is:
How to search for user accounts that have at least the DONT_EXPIRE_PASSWORD property flag set to their useraccountcontrol ?
Is there a way to do it with a custom ldap query ?
 
Thanks,
 
Yann
Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici.


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Demandez à ceux qui savent sur Yahoo! Questions/Réponses.

Reply via email to