So isn't AdFind, then, a tool? So we're back to six of one, half dozen of the other. If this ALOinfo tool does the same thing as Adfind, then one is as good as the other. At least for this one application. Yes, I know that with ADFind, you can do a whole lot more than just find password ages, but still...
>>> "Crawford, Scott" <crawfo...@evangel.edu> 6/15/2010 5:47 PM >>> You can find AdFind, along with many other goodies here: http://joeware.net/freetools/tools/adfind/index.htm -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, June 15, 2010 7:15 PM To: NT System Admin Issues Subject: Re: Password policy enforcement after a change On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob <r...@pge.com> wrote: > You don't need a tool, just do an LDAP query for pwdLastSet. I would use > adfind as it will decode the timestamps, dump to a csv and massage in > excel. I don't seem to have an "ADFIND" command. Is that new in 2003/2008 or something? > ADFIND -default -f "(&(objectCategory=person)(objectClass=user))" > pwdLastSet -tdc -csv Thanks! The query will be good to have around for future reference, even if I don't end up using it for *this* project. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~