Active Directory: Permanent Queries in AD Users and Computers.

Have you ever wanted to know at the click of a button – what accounts have the password set to never expire or create a list of all disabled users?

This is where the Active Directory Users and Computers “Saved Queries” feature can be utilised.

Open Active Directory Users and Computers (dsa.msc)

Navigate to Saved Queries

Right Click on Saved Queries
Select New
Select Query

Populate the Name and Description with something meaningful.

Select Define Query

You can now create your query – in this example we are to find All disabled users.

From the find dialogue

Select Custom Search

Select Advanced

Paste in the following LDAP query


Select OK

Select OK

Click on Saved Query and it will be populated with the information requested.

If you want to export the results in to Excel – then right click the query and select export list and save as a CSV or TAB deliminated file (Top Tip – Do not use comma’s in any of your Active Directory fields as this will displace your columns).

Other custom queries include:

All users whose password never expires:

All users created after xx/xx/xxxx (01/01/2009)

Must change password at next logon

Password has expired

Account is locked out

Users who have never logged on

All XP based Operating Systems

All Windows 7/2008 R2 based Operating Systems

Commonly used LDAP Syntax which can be utilised with the Saved Queries feature.

&  logical and
|  logical or
!  logical not
=  equal to
~=  approximately equal to
>= e qual to or greater than
<=  less than or equal to

I would recommend experimenting with this feature as you can extract a lot of useful information out of Active Directory without the need for custom code or scripts.

If you need a hand with querying your Active Directory for information, please feel free to contact me as I have just touched on this capability here and there is much more you can achieve with this feature, once you have your head around the syntax and query structure.

8 thoughts on “Active Directory: Permanent Queries in AD Users and Computers.

  1. Hello,

    Thanks for the update. I have one query :
    I need query to export a excel file from AD for the list of Active users which is created in last 6 moths. lets say from from 1st July 2009 to 28th feb 2010.


  2. Do you know in which path the queries are saved? I can’t find them in the registry, so it has to be in the userprofile, but I can’t find.

  3. Do you know where these queries are saved? I would like to move my queries to another machine. Right now I must export each one. There must be a better way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.