The locked accounts filter is locked in time though; you need to recalculate
the filetime each time you run the query or else you can get false
positives.

The disabled users query will obviously work.

Just one small change. I would replace (objectcategory=user) with
(objectcategory=person)(objectclass=user). Of course if you indexed
objectclass, then you can replace it with (objectclass=user).
Objectcategory=user will end up getting converted to objectcategory=person
and you want the objectclass=user to filter out contacts or anything else
with objectcategory=person that isn't a user (dependent on your schema).
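
An added example, not part of the original thread: one way to rebuild a time-based locked-accounts filter on every run, using the (objectcategory=person)(objectclass=user) form suggested above. The `lockoutTime>=` comparison, the lockout duration value and all function names are assumptions for illustration; take the duration from your domain's lockout policy.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
USER_CLAUSE = "(objectCategory=person)(objectClass=user)"


def to_filetime(dt):
    """Convert a timezone-aware datetime to a FILETIME integer."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def lockout_threshold(lockout_duration, now):
    """Smallest lockoutTime that still counts as locked at time 'now'."""
    if lockout_duration == timedelta(0):
        # Assumed policy meaning: lockout never expires on its own,
        # so any non-zero lockoutTime is a locked account.
        return 1
    return to_filetime(now - lockout_duration)


def locked_accounts_filter(lockout_duration, now=None):
    """Build the LDAP filter with a threshold computed at call time."""
    now = now or datetime.now(timezone.utc)
    threshold = lockout_threshold(lockout_duration, now)
    return f"(&{USER_CLAUSE}(lockoutTime>={threshold}))"


def false_positive(locked_at, lockout_duration, saved_at, run_at):
    """True if a filter saved at 'saved_at' and reused at 'run_at'
    still matches an account whose lockout has already expired."""
    lockout_time = to_filetime(locked_at)
    matches_saved = lockout_time >= lockout_threshold(lockout_duration, saved_at)
    still_locked = lockout_time >= lockout_threshold(lockout_duration, run_at)
    return matches_saved and not still_locked


if __name__ == "__main__":
    # Constructed sample: 30-minute lockout, account locked at 11:50 UTC.
    duration = timedelta(minutes=30)
    locked_at = datetime(2005, 8, 3, 11, 50, tzinfo=timezone.utc)
    saved_at = datetime(2005, 8, 3, 12, 0, tzinfo=timezone.utc)
    print(locked_accounts_filter(duration, now=saved_at))
    for hours in (0, 1):
        run_at = saved_at + timedelta(hours=hours)
        print(run_at.time(), "stale match:", false_positive(locked_at, duration, saved_at, run_at))
```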



 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, August 03, 2005 12:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

> I would like to see the ability to just filter locked accounts or
> disabled accounts from the MMC Gui without having to write
> complicated scripts.

That's actually quite easy now, using the saved query option in 2003's ADUC,
in which you can add pre-defined queries to the MMC (which run at
domain-scope at a max):
- locked accounts:
(&(objectCategory=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))
- disabled accounts:
(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.804:=2))

* I'll second the gripe, that these should be somehow storable in AD (maybe
"global saved queries" saved in AD vs. "local saved queries"
which are stored in the user's profile as it's done now)

/Guido

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Wednesday, 3 August 2005 17:55
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes

Good Morning,

I would like to see the ability to just filter locked accounts or disabled
accounts from the MMC Gui without having to write complicated scripts.
Another thing I have been asking for since NT 3.51 is the ability to enable
email alerts, such as when an account is locked out, it will send an alert
to the admin or a group, instead of having to try and check through the
event logs. 

Another feature that may be useful is being able to select an account and
run a report that would show all the groups, and files on every server in
the domain that the account has access to.


I realize that there are third party utilities that can do this now, however
since you're asking what I would like to see improved, I thought I would
throw in my two cents.

Peace!

Jose Medeiros
Former Vice President and Postmaster NTEA
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.tvnug.org
www.sfntug.org

------------------------------------------------------



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert N. Leali
Sent: Wednesday, August 03, 2005 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes


It would be nice if the LimitLogin V 1.0 functionality were built into AD
somehow.  Haven't looked in a while.  Maybe they've come out with something
better.

Robert

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
