LDAP – User query


Users without Managers
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!(manager=*)))

Users in more than One Group
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(memberOf=*))

Recently Created Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(createTimeStamp>=givenTime))

Recently Modified Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(modifyTimeStamp>=givenTime))

Users with Logon Script
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(scriptPath=*))

Recently Deleted Users
(&(objectClass=user)(!(objectClass=computer))(isDeleted=TRUE)(whenChanged>=givenTime))

Disabled Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(userAccountControl:1.2.840.113556.1.4.803:=2))

Locked Out Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(lockoutTime>=1))

Account Expired Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(accountExpires<=currentTime))

Soon-to-Expire User Accounts
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(!(accountExpires<=currentTime))(accountExpires<=givenTime))

Account Never Expire Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(|(accountExpires=0)(accountExpires=9223372036854775807)))

Inactive Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(|(!(lastLogon=*))(lastLogon<=givenTime)))

Users Never Logged On
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(|(lastLogon=0)(!(lastLogon=*))))

Users whose Password Never Expires
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(userAccountControl:1.2.840.113556.1.4.803:=65536))

Password Expired Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!(userAccountControl:1.2.840.113556.1.4.803:=65536))(!(pwdLastSet=0))(pwdLastSet<=time based on maximum password age))

Password Unchanged Users
(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!(pwdLastSet=0))(!(pwdLastSet>=givenTime)))

Reference:
LDAP tips #1: Searching for Users
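
The givenTime and currentTime placeholders in the filters above take two different value formats in Active Directory: createTimeStamp, modifyTimeStamp and whenChanged compare against GeneralizedTime strings, while accountExpires, lastLogon, pwdLastSet and lockoutTime hold FILETIME integers. The following is an added example, not part of the original post, that fills the placeholders for three of the filters; the function names are hypothetical and the sample date is constructed.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Common prefix of the user filters listed on this page.
BASE = "(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))"

def _utc(dt):
    # Refuse naive datetimes: a silent local-time guess shifts the cutoff.
    if dt.tzinfo is None:
        raise ValueError("datetime must be timezone-aware")
    return dt.astimezone(timezone.utc)

def to_filetime(dt):
    """Value for accountExpires, lastLogon, pwdLastSet and lockoutTime."""
    d = _utc(dt) - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def to_generalized_time(dt):
    """Value for createTimeStamp, modifyTimeStamp and whenChanged."""
    return _utc(dt).strftime("%Y%m%d%H%M%S.0Z")

def recently_created(since):
    return f"(&{BASE}(createTimeStamp>={to_generalized_time(since)}))"

def password_unchanged(since):
    return f"(&{BASE}(!(pwdLastSet=0))(!(pwdLastSet>={to_filetime(since)})))"

def soon_to_expire(now, horizon):
    """Accounts still valid at `now` that expire on or before `horizon`."""
    if horizon <= now:
        raise ValueError("horizon must be later than now")
    return (f"(&{BASE}(!(accountExpires=0))"
            "(!(accountExpires=9223372036854775807))"
            f"(!(accountExpires<={to_filetime(now)}))"
            f"(accountExpires<={to_filetime(horizon)}))")

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample date
    print(recently_created(now - timedelta(days=7)))
    print(password_unchanged(now - timedelta(days=90)))
    print(soon_to_expire(now, now + timedelta(days=30)))
```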
