CUSTOM LDAP QUERY TO SHOW LOCKED USER ACCOUNTS

QUESTION:
How can I create a custom LDAP query that will allow me to determine
locked user accounts in Windows Server 2003?

ANSWER:
You can use the Saved Query feature in Active Directory Users and
Computers. Here’s the procedure:

1. Go to ADUC and right-click on Saved Queries.
2. Select New, Query.
3. Type in the name and description of the query (e.g., Locked User
Accounts), and then click on Define Query.
4. In the Find box, select Custom Search and then click on the
Advanced tab.
5. Enter the following text for the LDAP query without the quotes:
"(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))"
6. Click OK twice to close all windows.
7. Simply highlight the “Locked User Accounts” query and press F5 to
refresh. If you have any accounts that are locked, they will show
up in the right-hand pane.

If your query fails, it’s most likely because you entered carriage
returns in the LDAP query. The query does not contain any spaces or
carriage returns.
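
The following Python sketch is an added example, not part of the original tip: it joins the filter when it has been pasted across two lines and models how the 1.2.840.113556.1.4.804 (bitwise OR) matching rule treats lockoutTime values. The account names, clock and 30-minute lockout duration are constructed assumptions, and the duration check goes beyond the saved query, which also returns accounts whose lockoutTime is still nonzero after the lockout window has passed.

```python
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # lockoutTime: 100 ns ticks since this date
MASK = 4294967295  # value used in the saved query (0xFFFFFFFF)
# The filter as it looks when pasted with a line break (constructed input).
PASTED = """(&(&(&(objectCategory=person)(objectClass=user)
(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))"""

def single_line(ldap_filter):
    """Strip all whitespace (this query contains none) and check parenthesis balance."""
    joined = re.sub(r"\s+", "", ldap_filter)
    depth = 0
    for ch in joined:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("closing parenthesis without an opening one")
    if depth != 0:
        raise ValueError("unbalanced parentheses")
    return joined

def bit_or_match(value, mask=MASK):
    """Rule 1.2.840.113556.1.4.804: true if any bit of mask is set in the attribute."""
    return value is not None and (value & mask) != 0

def to_filetime(dt):
    # Integer math avoids float rounding on 18-digit tick counts.
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def classify(lockout_time, now, duration):
    """Say whether the query returns the account and whether the lockout still applies."""
    if not bit_or_match(lockout_time):
        return "not returned"
    locked_at = FILETIME_EPOCH + timedelta(microseconds=lockout_time // 10)
    if now - locked_at < duration:
        return "returned, still locked"
    return "returned, lockout window elapsed"

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock
DURATION = timedelta(minutes=30)                         # assumed lockout duration
ACCOUNTS = {                                             # constructed lockoutTime values
    "alice": 0, "bob": None,                             # reset to 0 / attribute never set
    "carol": to_filetime(NOW - timedelta(minutes=5)),
    "dave": to_filetime(NOW - timedelta(hours=2)),
}

def report():
    return {name: classify(v, NOW, DURATION) for name, v in ACCOUNTS.items()}

if __name__ == "__main__":
    print(single_line(PASTED), report())
```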

By Zubair Alexander
