CertCities.com | Column: Custom LDAP Query To Show Locked User Accounts

CertCities.com -- The Ultimate Site for Certified IT Professionals

Keep on Top of the Latest Certification News: Subscribe to CertCities.com Newsletter

Advanced Search

Free Newsletter

Sign-up for the #1 Weekly IT
Certification News
and Advice.

See What's New on
Redmondmag.com!

• Cover Story: IE8: Behind the 8 Ball

• Tech-Ed: Let's (Third) Party!

• A Secure Leap into the Cloud

• Windows Mobile's New Moves

• SQL Speed Secrets

Let us know what you
think! E-mail us at:
ccfeedback@certcities.com

Home

Editorial

Columns

Column Story

Friday: July 30, 2010

Participate in a
Web Seminar
and you could win
a FREE iPod nano!

TECH LIBRARY
WEBCASTS

Zubair Alexander

Custom LDAP Query To Show Locked User Accounts

How can I create a custom LDAP query that will allow me to determine locked user accounts in Windows Server 2003?

by Zubair Alexander

9/12/2007 -- You can use the Saved Query feature in Active Directory Users and Computers. Here's the procedure:

Go to ADUC and right-click on Saved Queries.
Select New, Query.
Type in the name and description of the query (e.g., Locked User Accounts) and then click on Define Query.
In the Find box, select Custom Search and then click on the Advanced tab.
Enter the following text for the LDAP query:
(&(&(&(objectCategory=person)(objectClass=user)
(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))
Click OK twice to close all windows.
Simply highlight the "Locked User Accounts" query and press F5 to refresh. If you have any accounts that are locked, they will show up in the right-hand pane.

If your query fails, it's most likely because you entered carriage returns in the LDAP query. The query does not contain any spaces or carriage returns.

Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at alexander@techgalaxy.net.

More articles by Zubair Alexander:
FrontPage Server Extensions on 64-bit Windows Server 2008

Synching Outlook 2007 Contacts with SharePoint

Saving SharePoint Files to the Server

Moving, Deleting a File That's Always in Use

-- advertisement --

There is 1 user Comments for “Custom LDAP Query To Show Locked User Accounts”
Page 1 of 1
2/6/08: Jakov Haimi from Finland says: How to create LDAP Query or VBS script, which lists all the groups and the members of a group in a specified domain, also in case if one of the member is a group.

Your comment about: “Custom LDAP Query To Show Locked User Accounts”

Name: (optional)
Location: (optional)
E-mail Address: (optional)

Comment:

top

Sponsored Links

Search | Site Map | Redmond Media Group | TechMentor Conferences | Tech Library Webcasts
This Web site is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc., Microsoft Corp., Oracle Corp., The Computing Technology Industry Association, Linus Torvolds, or any other certification or technology vendor. Cisco® and Cisco Systems® are registered trademarks of Cisco Systems, Inc. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corp. Oracle® is a registered trademark of Oracle Corp. A+®, i-Net+T, Network+T, and Server+T are trademarks and registered trademarks of The Computing Technology Industry Association. (CompTIA). LinuxT is a registered trademark of Linus Torvalds. All other trademarks belong to their respective owners.

Reprints allowed with written permission from the publisher. For more information, e-mail editor@certcities.com