Wednesday, December 22, 2010

LDAP Query for Disabled and Password Never Expire Active Directory Objects

To query disabled computer objects in AD.

(&(objectclass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))

To query disabled user objects in AD.

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

To query user objects with Password Never Expires set in AD.

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

No comments: