creating AD reports for users with password set to never expire

Discussion in 'Active Directory' started by Patriot, Oct 31, 2007.

  1. Patriot

    Patriot Guest

    Is there a way that one can create a report from AD to see which users are
    setup with "Password Never Expires" permissions? Thank you.
     
    Patriot, Oct 31, 2007
    #1
    1. Advertisements

  2. The filter to retrieve all users with "Password Never Expires" set would be
    (watch line wrapping):

    (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))



    This can be used to filter in ADUC, or with most command line utilities. Or
    you can use ADO in a VBScript program. See this link for details:



    http://www.rlmueller.net/ADOSearchTips.htm



    Using the terminology in the above link, your filter would be defined by:



    strFilter = "(&(objectCategory=person)(objectClass=user)" _

    & "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
     
    Richard Mueller [MVP], Oct 31, 2007
    #2
    1. Advertisements

  3. Patriot

    Patriot Guest

    I didn't really understand.

    What I did in order to get my results is open ADUC and create a new query >
    Define Query > Then checked Non Expiring passwords...works for me.

    Thank you.
     
    Patriot, Oct 31, 2007
    #3
  4. It took me awhile to find what you are talking about. The Saved queries are
    only available in W2k3. When you right click the "Saved queries" node and
    select "New query", then click "Define Query" you can check "non-expiring
    passwords". When you click OK you will see that the query is exactly what I
    suggested.

    In either W2k or W2k3 ADUC you can click "View", "Filter Options...", select
    "Create Custom" and click "Customize", then click the "Advanced" tab and
    enter the same LDAP query.

    The same query can be used with several command line utilities, such as
    ADFind.

    --
    Richard Mueller
    Microsoft MVP Scripting and ADSI
    Hilltop Lab - http://www.rlmueller.net
    --

     
    Richard Mueller [MVP], Nov 1, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.