filter to show disabled accounts

Discussion in 'Microsoft Windows 2000 Active Directory' started by rbrandon@fmcg.com, Nov 5, 2003.

  1. Guest

    Is it possible to set a filter, use the find command, or
    run an LDAP query, to output only the user accounts that
    are disabled?

    Thanks in advance,
    Rob
     
    , Nov 5, 2003
    #1
    1. Advertisements

  2. There is a sample script that does this at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ScriptCenter/user/ScrUG108.asp

    --
    Tim Hines, MCSE, MCSA
    Windows 2000 Directory Services

    =====================================================
    When responding to posts, please "Reply to Group" via
    your newsreader so that others may learn and benefit
    from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Tim Hines [MSFT], Nov 5, 2003
    #2
    1. Advertisements

  3. Jeremy Guest

    You can also use csvde to export the useraccountcontrol values to a csv and
    then join those values in access or SQL with a reference table.

    Example Export:
    Csvde -f C:\mbx_publicDelegates.csv -s dc1.domain.com -b user domain
    P@$$word -u -d "DC=domain,DC=com" -r
    "(&(objectClass=User)(ObjectCategory=Person))" -l "cn, distinguishedName,
    sAMAccountName, userAccountControl, userPrincipalName, uSNChanged,
    whenChanged, whenCreated"''

    You can leave out the -u if you do not want Unicode, leave out the -b if you
    are on a domain member machine, leave off the " " on the -l (attributes) if
    you do not use spaces after the attribute names.

    Reference Table: First line is the header row.

    UserAccountControl_Num,Account_Status
    512,Account: Enabled
    514,Account: ACCOUNTDISABLE
    528,Account: Enabled - LOCKOUT
    530,Account: ACCOUNTDISABLE - LOCKOUT
    544,Account: Enabled - PASSWD_NOTREQD
    546,Account: ACCOUNTDISABLE - PASSWD_NOTREQD
    560,Account: Enabled - PASSWD_NOTREQD - LOCKOUT
    640,Account: Enabled - ENCRYPTED_TEXT_PWD_ALLOWED
    2048,Account: INTERDOMAIN_TRUST_ACCOUNT
    2080,Account: INTERDOMAIN_TRUST_ACCOUNT - PASSWD_NOTREQD
    4096,Account: WORKSTATION_TRUST_ACCOUNT
    8192,Account: SERVER_TRUST_ACCOUNT
    66048,Account: Enabled - DONT_EXPIRE_PASSWORD
    66050,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD
    66064,Account: Enabled - DONT_EXPIRE_PASSWORD - LOCKOUT
    66066,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD - LOCKOUT
    66080,Account: Enabled - DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
    66082,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
    66176,Account: Enabled - DONT_EXPIRE_PASSWORD - ENCRYPTED_TEXT_PWD_ALLOWED
    131584,Account: Enabled - MNS_LOGON_ACCOUNT
    131586,Account: ACCOUNTDISABLE - MNS_LOGON_ACCOUNT
    131600,Account: Enabled - MNS_LOGON_ACCOUNT - LOCKOUT
    197120,Account: Enabled - MNS_LOGON_ACCOUNT - DONT_EXPIRE_PASSWORD
    532480,Account: SERVER_TRUST_ACCOUNT - TRUSTED_FOR_DELEGATION (Domain
    Controller)
    1049088,Account: Enabled - NOT_DELEGATED
    1049090,Account: ACCOUNTDISABLE - NOT_DELEGATED
    2097664,Account: Enabled - USE_DES_KEY_ONLY
    2687488,Account: Enabled - DONT_EXPIRE_PASSWORD - TRUSTED_FOR_DELEGATION -
    USE_DES_KEY_ONLY
    4194816,Account: Enabled - DONT_REQ_PREAUTH


    Jeremy
     
    Jeremy, Nov 6, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.