Re: Password Expired Query



If you are curious about finding out more about how to actually implement
the queries yourself, we have a nice sample in our book in ch 10 that takes
you through it. Ch. 10 is available as a free download via the book's
website (see link below). The samples are in .NET (as you might guess from
the book's title), but the techniques are applicable to anyone trying to
issue their own LDAP query to do this. The .NET code samples are also
available on the website.

This type of query is notoriously hard to do in script because script has
really lousy support for Windows FILETIME and long integer data types, so
much of the calculation you have to do is a complete hack fest. It is very
clean in both .NET and C. I have seen people cobble something together in
script though.

If you just want to get this done, Joe R's tool is very easy. However, if
you want to write your own thing that supports this and want to code it
yourself, our stuff may help.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Adam Simmonds (SimAda00)" <AdamSimmondsSimAda00@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:1CC949E9-A9F0-4CEC-A2EA-3181C81EA87F@xxxxxxxxxxxxxxxx
OK, thanks for your time and attention.
--
_________________________
Adam Simmonds
Systems Administrator


"Joe Richards [MVP]" wrote:

No.

The problem is there isn't a flag saying the account is expired, you
have to calculate an actual value to input into the LDAP query to
determine if an account or an account password is expired.

OldCmp can be used for finding expired passwords; if you want an expired
account (i.e. admin action to specify when an account is expired, not
that a password has exceeded no change policy) you can use findexpacc.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Adam Simmonds (SimAda00) wrote:
I was really looking for a way of doing it in the Active Directory
Users and Computers console, as a saved query.
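
The calculation both replies refer to, as an added example that is not part of the thread or of the book's samples: it converts a cutoff date to a Windows FILETIME integer and places it in the LDAP filter. It is written in Python rather than .NET, assumes a single domain-wide `maxPwdAge`, and its function names and sample values are constructed for illustration.

```python
# Added example (not from the thread): compute FILETIME cutoffs and build
# LDAP filters for expired passwords and expired accounts.
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000          # FILETIME counts 100-ns intervals
BIT_AND = "1.2.840.113556.1.4.803"     # LDAP_MATCHING_RULE_BIT_AND
DONT_EXPIRE_PASSWORD = 0x10000         # userAccountControl flag
USERS = "(objectCategory=person)(objectClass=user)"


def to_filetime(dt: datetime) -> int:
    """Convert a timezone-aware datetime to a Windows FILETIME integer."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    # Integer arithmetic only: floats lose precision at this magnitude.
    return (delta.days * 86_400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10


def expired_password_filter(now: datetime, max_pwd_age: int) -> str:
    """Users whose pwdLastSet is older than the domain maxPwdAge."""
    if max_pwd_age >= 0 or max_pwd_age == -2**63:
        raise ValueError("domain policy says passwords never expire")
    # maxPwdAge is stored as a negative count of 100-ns intervals.
    age = timedelta(microseconds=abs(max_pwd_age) // 10)
    cutoff = to_filetime(now - age)
    # pwdLastSet=0 (must change at next logon) also matches this filter.
    return (f"(&{USERS}(pwdLastSet<={cutoff})"
            f"(!(userAccountControl:{BIT_AND}:={DONT_EXPIRE_PASSWORD})))")


def expired_account_filter(now: datetime) -> str:
    """Users whose accountExpires date has passed (0 means never expires)."""
    return f"(&{USERS}(accountExpires>=1)(accountExpires<={to_filetime(now)}))"


if __name__ == "__main__":
    # Constructed sample values: a 42-day policy and a fixed "now".
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    policy = -42 * 86_400 * TICKS_PER_SECOND
    print(expired_password_filter(now, policy))
    print(expired_account_filter(now))
```

The cutoff is a point-in-time value, so the filter string has to be regenerated each time the query is run.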


