Re: Active Directory Query for Enabled Users



All one line

adfind -b OU_DN -bit -dn -f "&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:AND:=2))"

Note that since this uses a NOT query (only way to do it), it is possible you can get false positives in the event that you don't have access to read the userAccountControl value. If that occurs, you can use this longer but more accurate filter:

"&(objectcategory=person)(objectclass=user)(useraccountcontrol=*)(!(useraccountcontrol:AND:=2))"

That will only return values where you have the permission to read the useraccountcontrol and the useraccountcontrol doesn't have the disabled bit set.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


jdh201 wrote:
This seems kind of simple considering that finding the disabled users requires a check box to be turned on, but I need the opposite. I need a way to list all of the users in an OU that are enabled. I may be missing something really simple, but could someone please help me?
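
Added example (not part of the original post and not joeware code): a small Python model of the two filters in the reply above, run over constructed entries, showing the false positive that appears when userAccountControl cannot be read. It assumes an unreadable attribute looks absent to the filter; the function names and sample entries are made up for illustration, and the OID is the AD bitwise-AND matching rule that the `:AND:` shorthand stands for.

```python
BIT_AND_OID = "1.2.840.113556.1.4.803"   # AD bitwise-AND matching rule
ACCOUNTDISABLE = 0x2                      # the bit tested by :AND:=2

SHORT = "&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:AND:=2))"
LONG = ("&(objectcategory=person)(objectclass=user)(useraccountcontrol=*)"
        "(!(useraccountcontrol:AND:=2))")

def expand(flt):
    """Raw-LDAP form of a filter: OID instead of :AND:, outer parentheses added."""
    flt = flt.replace(":AND:", ":" + BIT_AND_OID + ":")
    return flt if flt.startswith("(") else "(" + flt + ")"

def matches(entry, require_readable_uac):
    """Evaluate SHORT (False) or LONG (True) against one entry as the caller sees it."""
    if entry.get("objectCategory") != "person" or "user" not in entry["objectClass"]:
        return False
    uac = entry.get("userAccountControl")   # None models "caller cannot read it"
    if uac is None:
        # Assumption of this model: the bit test cannot match a value that is
        # not visible, so !(...) succeeds, while (useraccountcontrol=*) fails.
        return not require_readable_uac
    return (uac & ACCOUNTDISABLE) == 0

def enabled(entries, require_readable_uac):
    """Names of the entries the chosen filter would return."""
    return [e["cn"] for e in entries if matches(e, require_readable_uac)]

# Constructed sample entries (not real directory data). carol is disabled, but
# the caller has no read access to her userAccountControl.
USER = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [
    {"cn": "alice", "objectCategory": "person", "objectClass": USER,
     "userAccountControl": 512},            # normal account, enabled
    {"cn": "bob", "objectCategory": "person", "objectClass": USER,
     "userAccountControl": 514},            # 512 + 2, disabled
    {"cn": "carol", "objectCategory": "person", "objectClass": USER,
     "userAccountControl": None},           # value hidden from the caller
    {"cn": "dave", "objectCategory": "person", "objectClass": USER,
     "userAccountControl": 66048},          # 512 + 65536, enabled
    {"cn": "PC01$", "objectCategory": "computer",
     "objectClass": USER + ["computer"], "userAccountControl": 4096},
]

if __name__ == "__main__":
    print(expand(LONG))
    print("short filter:", enabled(ENTRIES, require_readable_uac=False))
    print("long filter: ", enabled(ENTRIES, require_readable_uac=True))
```

The long filter drops carol instead of reporting her as enabled, so its output undercounts rather than overstates; an account missing from it that you expected to see points to a read-permission gap worth checking.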