Account expired

[Santos]

Hi

Is there any way to know the expired accounts in AD ?

Thanks

 

[Dave Shaw [MVP]]

By "expired", I assume you mean "password expired"? Or do you mean the
account had an expiration date and time?

If you meant password expired, you can use DSQUERY as follows:

DSQUERY USER -o SAMID -INACTIVE x
(Finds the SAM ID of all accounts that have been inactive for x number of
days.)

or

DSQUERY USER -o DN -STALEPWD x
(Finds the distinguished name of all accounts that have not changed their
passwords for x number of days)


HTH

-ds

 

[Jerold Schulman]

Hi

Is there any way to know the expired accounts in AD ?

Thanks

AND
if you mean account expires, then:

@echo off
setlocal
call univdate
set /a mm=100%mm%%%100
if %mm% LSS 10 set mm=0%mm%
set /a dd=100%dd%%%100
if %dd% LSS 10 set dd=0%dd%
set /a yy=10000%yy%%%10000
if %yy% LSS 2000 set /a yy=%yy% + 2000
set ymd=%yy%%mm%%dd%
set qry1=dsquery user -name *
set qry2=dsget user -samid -acctexpires -disabled
set fnds=findstr /L /I /V /C:"dsget succeeded" /C:"acctexpires"
for /f "Tokens=1,2*" %%a in ('%qry1% ^| %qry2% ^|%fnds%') do (
if /i "%%c" NEQ "yes" if /i "%%b" NEQ "never" call :exp "%%a" %%b
)
endlocal
goto :EOF
:exp
set w1=%2
set w2=%w1:~6,4%%w1:~0,2%%w1:~3,2%
if %w2% GTR %ymd% goto :EOF
@echo %1 %2


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Jerold Schulman]

I forgot to mention that Univdate is at tip 4835 in the 'Tips & Tricks' at
http://www.jsiinc.com

Hi

Is there any way to know the expired accounts in AD ?

Thanks

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Santos]

Thank a lot Dave !

Does "x" mean the number of days? If so, in the commande
line shall I put "x" or, for example, "30 days"?

Santos.

 

[Santos]

Many thanks Jerold !

I will copy and paste the script as is, and try it.

Santos.