--> (Word) | --> (PDF) | --> (Epub) | --> (Text) |
--> (XML) | --> (OpenOffice) | --> (XPS) | --> (MHT) |
Use Saved Queries to quickly locate all locked out user accounts.
You can use the Saved Queries feature of Windows Server 2003 to query Active Directory for any locked-out accounts. Just open the Active Directory Users and Computers console, right-click on Saved Queries in the console tree and select New –> Query.
(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))
Click OK twice to create and run the saved query.
The string works on Windows Server 2003 SP1.
Update: Here’s another LDAP query that finds all locked out accounts:
(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))
SOLUTION (Alternative) by HeelpbBook Staff
If none of these works you could try the following one, tested even on R2 releases:
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))
Hope this helps!
SOURCE | LINK (kapothi.com) | LANGUAGE | ENGLISH |