Friday, July 14, 2006

LDAP Query to Active Directory

To make your life easier when trying to find objects in AD:

Password never expires set:
(&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

Users who have never logged in:
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))

Users almost locked out:
(&(objectCategory=user)(badPwdCount>=2))

Find a particular email address:
(&(mail=*)(proxyAddresses=smtp:email@domain.com))
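
An added example, not part of the original post: a small Python parser and evaluator for these filters, run against constructed sample entries to show what each one selects, including the bitwise-AND rule 1.2.840.113556.1.4.803 on userAccountControl. It follows the RFC 4515 grammar strictly, so a list of filters with no &, | or ! in front of it is rejected. The entry names, attribute values and function names are assumptions made for illustration, and only the item forms used on this page (equality, presence, >= and the bit rule) are handled.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID from the page's filter
# Parse one parenthesised RFC 4515 filter starting at f[i]; return (node, next index).
def parse(f, i=0):
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?(>=|=)([^()]*)", f[i:f.index(")", i)])
    if not m or m.group(2) not in (None, BIT_AND):
        raise ValueError(f"bad item or missing &, | or ! operator at offset {i}")
    return ("item", m.groups()), i + len(m.group(0)) + 1

def matches(node, entry):
    kind, arg = node
    if kind in ("&", "|", "!"):
        hits = [matches(k, entry) for k in arg]
        return {"&": all(hits), "|": any(hits), "!": not hits[0]}[kind]
    attr, rule, op, want = arg
    values = entry.get(attr.lower(), [])
    if rule == BIT_AND:  # true when every bit set in `want` is also set in the value
        return any((int(v) & int(want)) == int(want) for v in values)
    if want == "*":  # presence test: the attribute has at least one value
        return bool(values)
    if op == ">=":
        return any(int(v) >= int(want) for v in values)
    return any(str(v).lower() == want.lower() for v in values)

BASE = {"objectcategory": ["person", "user"],  # AD resolves "user" to the Person category
        "objectclass": ["user"], "useraccountcontrol": [512], "badpwdcount": [0]}
ENTRIES = {  # constructed sample entries, not real directory data
    "svc-backup": {**BASE, "useraccountcontrol": [66048], "lastlogon": [133000000000000000]},
    "new-hire": dict(BASE),  # lastLogon never set
    "jdoe": {**BASE, "lastlogon": [133000000000000000], "badpwdcount": [2],
             "mail": ["email@domain.com"], "proxyaddresses": ["smtp:email@domain.com"]}}

def search(text):
    node, end = parse(text + "\0")  # sentinel: truncated input raises ValueError
    if end != len(text):
        raise ValueError("text after first filter: wrap the list in (& ...) or (| ...)")
    return sorted(name for name, e in ENTRIES.items() if matches(node, e))
```

Here 66048 is 512 + 65536, so only svc-backup carries the 65536 bit that the first filter tests for.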
