How To: Find Locked Out User Accounts

You may need to quickly find all locked-out user accounts. The Saved Queries feature, available in Windows Server 2003 and above, can be the most convenient tool for that.

In the Active Directory Users and Computers console, right-click Saved Queries and choose to create a new query. You will need to specify the query root (where in the namespace to start searching). You will need to use a custom search, since there are no standard queries for this task. Go to the Advanced tab and enter the following query string:

(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))

Click OK twice to create and run the saved query. Note that this query requires at least Windows Server 2003 SP1.

There's an alternative query you can try to achieve the same result:
 
(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))
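
Both filters match any account whose lockoutTime is non-zero, and that attribute stays set after the lockout duration expires until the user next logs on successfully, so the result can include accounts that are no longer locked. The PowerShell below is an added example, not part of the original post: it runs the second filter and flags which hits are still inside the lockout window. The function names are hypothetical, and it assumes the ActiveDirectory module and that the default domain lockout policy applies to every user (no fine-grained password policies).

```powershell
# Added example; Test-LockoutStillActive and Get-LockedOutUser are hypothetical names.
function Test-LockoutStillActive {
    param(
        [Parameter(Mandatory)][long]$LockoutTime,          # raw lockoutTime value (FILETIME, UTC)
        [Parameter(Mandatory)][TimeSpan]$LockoutDuration,  # from the lockout policy
        [DateTime]$NowUtc = [DateTime]::UtcNow
    )
    if ($LockoutTime -le 0) { return $false }              # 0 means not locked out
    # Assumption: a zero duration means "until an administrator unlocks",
    # mirroring the Group Policy setting of 0 minutes.
    if ($LockoutDuration -eq [TimeSpan]::Zero) { return $true }
    $lockedAt = [DateTime]::FromFileTimeUtc($LockoutTime)
    return ($lockedAt + $LockoutDuration) -gt $NowUtc
}

function Get-LockedOutUser {
    # Needs the ActiveDirectory module and a reachable domain controller.
    param([string]$SearchBase)
    Import-Module ActiveDirectory
    $duration = (Get-ADDefaultDomainPasswordPolicy).LockoutDuration
    $query = @{
        LDAPFilter = '(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))'
        Properties = 'lockoutTime'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }
    Get-ADUser @query | ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            LockedAtUtc    = [DateTime]::FromFileTimeUtc($_.lockoutTime)
            StillLocked    = Test-LockoutStillActive -LockoutTime $_.lockoutTime -LockoutDuration $duration
        }
    }
}

# Constructed sample values (no domain needed): a 30-minute lockout policy,
# one account locked 10 minutes ago, one locked 5 hours ago, one never locked.
$now      = [DateTime]::new(2010, 1, 20, 14, 36, 0, [DateTimeKind]::Utc)
$policy   = [TimeSpan]::FromMinutes(30)
$samples  = [ordered]@{
    'recent.lock' = $now.AddMinutes(-10).ToFileTimeUtc()
    'stale.lock'  = $now.AddHours(-5).ToFileTimeUtc()
    'never.lock'  = 0
}
foreach ($name in $samples.Keys) {
    $active = Test-LockoutStillActive -LockoutTime $samples[$name] -LockoutDuration $policy -NowUtc $now
    '{0,-12} lockoutTime={1,-20} StillLocked={2}' -f $name, $samples[$name], $active
}
```

On a domain-joined machine, `Get-LockedOutUser | Where-Object StillLocked` lists only the accounts that are locked right now.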


About this Entry

This page contains a single entry by Konstantin Boyandin published on January 20, 2010 2:36 PM.
