It may be necessary to find quickly all the locked-out user accounts. The Saved Queries feature available in Windows Server 2003 and above can be the most convenient tool to achieve that.
At the Active Directory Users and Computers console right-click on Saved Queries and select new query creation. You will need to specify the query root (where in the namespace to start searching). You will need to use custom search, since there are no standard queries to fulfill your task. AT the Advanced tab and enter the following query string:
(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))
Click OK twice to create and run the saved query. Note that the mentioned query requires at least Windows Server 2003 SP1.
There's an alternate query to try to achieve the same:
(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))
At the Active Directory Users and Computers console right-click on Saved Queries and select new query creation. You will need to specify the query root (where in the namespace to start searching). You will need to use custom search, since there are no standard queries to fulfill your task. AT the Advanced tab and enter the following query string:
(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))
Click OK twice to create and run the saved query. Note that the mentioned query requires at least Windows Server 2003 SP1.
There's an alternate query to try to achieve the same:
(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))
