filter to show disabled accounts

  • Thread starter Thread starter rbrandon
  • Start date Start date
R

rbrandon

Is it possible to set a filter, use the find command, or
run an LDAP query, to output only the user accounts that
are disabled?

Thanks in advance,
Rob
 
There is a sample script that does this at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ScriptCenter/user/ScrUG108.asp

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
You can also use csvde to export the useraccountcontrol values to a csv and
then join those values in access or SQL with a reference table.

Example Export:
Csvde -f C:\mbx_publicDelegates.csv -s dc1.domain.com -b user domain
P@$$word -u -d "DC=domain,DC=com" -r
"(&(objectClass=User)(ObjectCategory=Person))" -l "cn, distinguishedName,
sAMAccountName, userAccountControl, userPrincipalName, uSNChanged,
whenChanged, whenCreated"''

You can leave out the -u if you do not want Unicode, leave out the -b if you
are on a domain member machine, leave off the " " on the -l (attributes) if
you do not use spaces after the attribute names.

Reference Table: First line is the header row.

UserAccountControl_Num,Account_Status
512,Account: Enabled
514,Account: ACCOUNTDISABLE
528,Account: Enabled - LOCKOUT
530,Account: ACCOUNTDISABLE - LOCKOUT
544,Account: Enabled - PASSWD_NOTREQD
546,Account: ACCOUNTDISABLE - PASSWD_NOTREQD
560,Account: Enabled - PASSWD_NOTREQD - LOCKOUT
640,Account: Enabled - ENCRYPTED_TEXT_PWD_ALLOWED
2048,Account: INTERDOMAIN_TRUST_ACCOUNT
2080,Account: INTERDOMAIN_TRUST_ACCOUNT - PASSWD_NOTREQD
4096,Account: WORKSTATION_TRUST_ACCOUNT
8192,Account: SERVER_TRUST_ACCOUNT
66048,Account: Enabled - DONT_EXPIRE_PASSWORD
66050,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD
66064,Account: Enabled - DONT_EXPIRE_PASSWORD - LOCKOUT
66066,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD - LOCKOUT
66080,Account: Enabled - DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
66082,Account: ACCOUNTDISABLE - DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
66176,Account: Enabled - DONT_EXPIRE_PASSWORD - ENCRYPTED_TEXT_PWD_ALLOWED
131584,Account: Enabled - MNS_LOGON_ACCOUNT
131586,Account: ACCOUNTDISABLE - MNS_LOGON_ACCOUNT
131600,Account: Enabled - MNS_LOGON_ACCOUNT - LOCKOUT
197120,Account: Enabled - MNS_LOGON_ACCOUNT - DONT_EXPIRE_PASSWORD
532480,Account: SERVER_TRUST_ACCOUNT - TRUSTED_FOR_DELEGATION (Domain
Controller)
1049088,Account: Enabled - NOT_DELEGATED
1049090,Account: ACCOUNTDISABLE - NOT_DELEGATED
2097664,Account: Enabled - USE_DES_KEY_ONLY
2687488,Account: Enabled - DONT_EXPIRE_PASSWORD - TRUSTED_FOR_DELEGATION -
USE_DES_KEY_ONLY
4194816,Account: Enabled - DONT_REQ_PREAUTH


Jeremy
 
Back
Top