Tuesday, September 11, 2012

TIPS & TRICKS: Active Directory Users & Computers Filtering

Handy little LDAP query to show only the users who have changed their password on or after a certain date (in this case, September 5th, 2012), leaving out disabled accounts (all one line):


(&(objectCategory=user)(pwdLastSet>=129913020000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))


Here are the steps to run the filter:


  • In ADUC, click on the Set Filtering options icon
  • click "Create custom", then the Customize button
  • click on the Advanced tab, then enter (or copy/paste) the LDAP query:
    • (&(objectCategory=user)(pwdLastSet>=129913020000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  • then click the OK button, then OK again to close Filter Options
  • In the OU list at left, navigate to your OU, which will now show only enabled users who have changed their password since the cutoff time.
  • 129913020000000000 is the number of 100-nanosecond intervals since Jan 1, 1601 (a Windows FILETIME), here for 9/5/2012 12:00 AM. pwdLastSet is stored in UTC, so a "midnight" value depends on the time zone it was computed in: this one is 7:00 AM UTC on 9/5/2012, i.e. midnight in a UTC-7 zone (Pacific Daylight Time). Compute your own value for your date and time zone rather than reusing this constant.
  • (!(userAccountControl:1.2.840.113556.1.4.803:=2)) uses the LDAP_MATCHING_RULE_BIT_AND matching rule (OID 1.2.840.113556.1.4.803) to test the ACCOUNTDISABLE bit (value 2) of userAccountControl; the surrounding ! excludes disabled users.
  • If you want to return to seeing all users and objects, you need to clear the filter by clicking on the Set Filtering options icon, then clicking "Show all types of objects".
  • You can reverse the query to see users who haven't changed their password since the cutoff by changing >= to <= in the query string. Two caveats: LDAP only has >= and <= (no strict < or >), so an account whose pwdLastSet equals the cutoff exactly appears in both lists, and a pwdLastSet of 0 means "user must change password at next logon" (the password was never set, or an admin ticked that box), so those accounts also show up in the reversed list; add (!(pwdLastSet=0)) to the filter if you don't want them.
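The same filter can be built and run from PowerShell instead of ADUC, which saves working out the FILETIME constant by hand and lets you pull the results into a report. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the search base OU=Staff,DC=example,DC=com is a placeholder you replace with your own OU.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Cutoff: midnight on 9/5/2012 in this machine's local time zone, as in the post.
# A [datetime] cast yields Kind=Unspecified, which ToFileTimeUtc() treats as local time.
$cutoff = [datetime]'2012-09-05'

# pwdLastSet is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC. ToFileTimeUtc()
# performs the conversion the post did by hand. For reference,
# [DateTime]::FromFileTimeUtc(129913020000000000) is 2012-09-05 07:00:00Z, i.e. midnight UTC-7.
$cutoffFileTime = $cutoff.ToFileTimeUtc()

# userAccountControl bit tested with the LDAP_MATCHING_RULE_BIT_AND rule (OID 1.2.840.113556.1.4.803)
$ADS_UF_ACCOUNTDISABLE = 2
$notDisabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=$ADS_UF_ACCOUNTDISABLE))"

# Assumed search base; replace with your own OU.
$searchBase = 'OU=Staff,DC=example,DC=com'

# Filter 1 (the post's query): enabled users who changed their password at or after the cutoff.
$changedSince = "(&(objectCategory=user)(pwdLastSet>=$cutoffFileTime)$notDisabled)"

# Filter 2 (the post's reversed query): enabled users who have NOT changed it since the cutoff.
# pwdLastSet=0 means "must change password at next logon"; it is excluded here so the list
# only contains accounts that actually hold a stale password.
$staleSince = "(&(objectCategory=user)(pwdLastSet<=$cutoffFileTime)(!(pwdLastSet=0))$notDisabled)"

function Get-PwdLastSetReport {
    param([string]$LdapFilter)
    # -Properties pwdLastSet returns the raw Int64 FILETIME; convert it back to a local DateTime.
    Get-ADUser -LDAPFilter $LdapFilter -SearchBase $searchBase -Properties pwdLastSet |
        Select-Object SamAccountName, Enabled,
            @{ Name = 'PwdLastSet'; Expression = { [DateTime]::FromFileTimeUtc($_.pwdLastSet).ToLocalTime() } } |
        Sort-Object PwdLastSet
}

"Changed on/after $cutoff :"
Get-PwdLastSetReport -LdapFilter $changedSince | Format-Table -AutoSize

"Not changed since $cutoff (excluding must-change-at-next-logon):"
Get-PwdLastSetReport -LdapFilter $staleSince | Format-Table -AutoSize
```

The two filter strings are exactly what ADUC accepts on the Advanced tab, so you can also just print `$changedSince` and paste it into the dialog; the only difference from the post's constant is that the FILETIME is computed for your own time zone and date.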



