Big fat ditto - and even better in the support tools. Gruesse - Sincerely,
Ulf B. Simon-Weidner Profile & Publications: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811 D Weblog: http://msmvps.org/UlfBSimonWeidner Website: http://www.windowsserverfaq.org >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of joe >Sent: Tuesday, May 23, 2006 5:31 AM >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] OldCmp question > >I wouldn't be adverse to seeing at least adfind and admod in >the support or resource kit tools. :) > > >-- >O'Reilly Active Directory Third Edition - >http://www.joeware.net/win/ad3e.htm > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. >Simon-Weidner >Sent: Sunday, May 21, 2006 11:06 AM >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] OldCmp question > >I agree that ds-tools lack some possibilities, and I'd prefer >MS putting your tools into their product, however in most >scenarios I've been working in they are not allowed to put >additional software in their domain unless it's prooved, and >the use of your tools is not important enough the justify this >hazzle. So I'm mainly limited to ds-tools or vbs. > >Something like this should work: > >Dsquery user -stalepwd 90 | dsget user -dn -disabled | find "No" > >Gruesse - Sincerely, > >Ulf B. Simon-Weidner > > Profile & Publications: >http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B48 >9-F2F1214C811 >D > Weblog: http://msmvps.org/UlfBSimonWeidner > Website: http://www.windowsserverfaq.org > > > > >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of joe >>Sent: Saturday, May 20, 2006 6:24 PM >>To: ActiveDir@mail.activedir.org >>Subject: RE: [ActiveDir] OldCmp question >> >>Hmm good point... Well except we were talking about oldcmp instead of >>adfind... Fun though that the switches are so close... >> >>So what are the switches and the filter to use with dsquery to get an >>html listing of all enabled users whose password age is 90 days or >>older? >> >> >>:) >> >> >> >> >>-- >>O'Reilly Active Directory Third Edition - >>http://www.joeware.net/win/ad3e.htm >> >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. >>Simon-Weidner >>Sent: Saturday, May 20, 2006 2:56 AM >>To: ActiveDir@mail.activedir.org >>Subject: RE: [ActiveDir] OldCmp question >> >>I didn't catch it because I didn't bother enough to read the adfind >>syntax. >>If you'd provided a standard LDAP-Filter with DSQuery ... >> >>;-) >> >>Gruesse - Sincerely, >> >>Ulf B. Simon-Weidner >> >> Profile & Publications: >>http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B48 >>9-F2F1214C811 >>D >> Weblog: http://msmvps.org/UlfBSimonWeidner >> Website: http://www.windowsserverfaq.org >> >> >> >> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of joe >>>Sent: Friday, May 19, 2006 9:41 PM >>>To: ActiveDir@mail.activedir.org >>>Subject: RE: [ActiveDir] OldCmp question >>> >>>I just realized I told you how to INCLUDE disabled accounts - >>you want >>>NOT DISABLED accounts. So you want to NOT what I indicated, >>however you >>>have to add to it to avoid a false positive. >>> >>>-af "(&(useraccountcontrol=*)(!(useraccountcontrol:AND:=2)))" >>> >>> >>>One thing to note with NOT filters... Well two actually... >>> >>>1. NOT filters are inefficient. But then so are bitwise >>filters. ;o) 2. >>>NOT filters can have false positives. An account could have >the value >>>set that you are trying to avoid but if the account trying to access >>>the info doesn't have the access to see that value, it will >>be still be >>>returned. >>>This is why the extra useraccountcontrol=* in the filter. >>> >>>The list is sleeping, they should have been all over me on that dork >>>up. >>><eg> >>> >>> >>>Too late now Al, Dean and Deji.... Princess, don't worry I >>will explain >>>it to you next time I see you. ;o) >>> >>> >>> joe >>> >>>------ >>>I am 78% Evil Genius >>> >>>I am pure evil. I lie awake at night devising schemes of world >>>domination, and I will not rest until all living souls bend >>to my will. >>> >>>Take the Evil Genius Test at fuali.com >>> >>> >>> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of joe >>>Sent: Friday, May 19, 2006 11:41 AM >>>To: ActiveDir@mail.activedir.org >>>Subject: RE: [ActiveDir] OldCmp question >>> >>>Disabled accounts are marked by having bit 1 list on >>userAccountControl >>>(value 2) >>> >>>To exclude them you want -af "useraccountcontrol:AND:=2" and -bit >>> >>> >>>I just realized I have an -onlydisabled switch, I should add a >>>-onlynotdisabled I guess... >>> >>> >>> >>>-- >>>O'Reilly Active Directory Third Edition - >>>http://www.joeware.net/win/ad3e.htm >>> >>> >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, >>>Russ >>>Sent: Friday, May 19, 2006 11:25 AM >>>To: ActiveDir@mail.activedir.org >>>Subject: [ActiveDir] OldCmp question >>> >>>Anyone know a way to easibly filter out disabled accounts from the >>>oldcmp -users report? Would one have to use some sort of bitwise >>>filter from a translation of a useraccountcontrol >>>66048 value or something? >>> >>> >>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>This e-mail is confidential, may contain proprietary information of >>>Cameron and its operating Divisions and may be confidential or >>>privileged. >>> >>>This e-mail should be read, copied, disseminated and/or used only by >>>the addressee. If you have received this message in error >>please delete >>>it, together with any attachments, from your system. >>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> >>>List info : http://www.activedir.org/List.aspx >>>List FAQ : http://www.activedir.org/ListFAQ.aspx >>>List archive: >>>http://www.mail-archive.com/activedir%40mail.activedir.org/ >>> >>>List info : http://www.activedir.org/List.aspx >>>List FAQ : http://www.activedir.org/ListFAQ.aspx >>>List archive: >>>http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >>List info : http://www.activedir.org/List.aspx >>List FAQ : http://www.activedir.org/ListFAQ.aspx >>List archive: >>http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >>List info : http://www.activedir.org/List.aspx >>List FAQ : http://www.activedir.org/ListFAQ.aspx >>List archive: >>http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/