Have you ever wanted to know at the click of a button – what accounts have the password set to never expire or create a list of all disabled users?
This is where the Active Directory Users and Computers “Saved Queries” feature can be utilised.
Open Active Directory Users and Computers (dsa.msc)
Navigate to Saved Queries
Right Click on Saved Queries
Populate the Name and Description with something meaningful.
Select Define Query
You can now create your query – in this example we are to find All disabled users.
From the find dialogue
Select Custom Search
Paste in the following LDAP query
Click on Saved Query and it will be populated with the information requested.
If you want to export the results in to Excel – then right click the query and select export list and save as a CSV or TAB deliminated file (Top Tip – Do not use comma’s in any of your Active Directory fields as this will displace your columns).
Other custom queries include:
All users whose password never expires:
All users created after xx/xx/xxxx (01/01/2009)
Must change password at next logon
Password has expired
Account is locked out
Users who have never logged on
All XP based Operating Systems
All Windows 7/2008 R2 based Operating Systems
Commonly used LDAP Syntax which can be utilised with the Saved Queries feature.
& logical and
| logical or
! logical not
= equal to
~= approximately equal to
>= e qual to or greater than
<= less than or equal to
I would recommend experimenting with this feature as you can extract a lot of useful information out of Active Directory without the need for custom code or scripts.
If you need a hand with querying your Active Directory for information, please feel free to contact me as I have just touched on this capability here and there is much more you can achieve with this feature, once you have your head around the syntax and query structure.