![]() ![]() This was an often lengthy process that required knowledge of how ADSI utilizes LDAP search filters to resolve a query.Īll queries located in the Saved Queries folder are stored in Active Directory Users and Computers (dsa.msc). Before saved queries, administrators were required to create custom ADSI scripts that would perform a query on common objects. Find users created between -01Īctive Directory Users and Computers provides a Saved Queries folder in which administrators can create, edit, save, and organize saved queries.Find users that have non-expiring passwords.Find all user accounts that have the name “srv_acct” in them, if your service accounts follow a naming convention.Find all Computers that do not have a Description.Find all Users that are almost Locked-Out.Find all Users that need to change password on next login.Find Users Mailboxes Overriding Exchange Size Limit Policies.Find All printers with Color printing capability.Find all Users with Dial-In permissions.Find all Users with Mobile numbers 712 or 155.Find all Users, Groups or Contacts where Company or Description is Contractors.Finds all disabled accounts in active directory.Finds non disabled accounts that must change their password at next logon.Find user accounts with no profile path.Find user accounts with no log on script.Find all users that never log in to domain.Find user accounts with passwords set to never expire.Finds all groups defined as a Global Group, a Domain Local Group, or a Universal Group.Find users who have admin in description field.Find Groups that contains the word admin.Users with No Email Address (finds accounts with no email address).Users with Email Address (finds accounts that have an email address).Domain Local Groups (finds groups with Domain Local scope).Locked Out Accounts (finds all locked out accounts).UserList Exclude Disabled Account (finds all user accounts except those that are disabled).Must Change Password and Not Disabled (finds nondisabled accounts that must change their password at next logon).No Profile Path (finds accounts that don’t have roaming profiles).No Login Script (finds accounts that don’t run a logon script).No Employee ID (finds any user account that has no employeeid value).Password Does Not Expire (finds user accounts with nonexpiring passwords).User Like Service (finds any account ID that has a name containing the word service).Global Group, a Domain Local Group, or a Universal Group that has no members).Global, Domain Local, or Universal Groups (finds any group defined as a Global Group, a Domain Local Group, or a Universal Group).Groups with No Members (finds groups that have no members in them).Universal Groups (finds groups with universal scope).Groups Like Admin (finds any groups whose name contains the word admin).Description Like Service (finds accounts in which the description contains the word service).Groups Like Service (finds any group name that contains the word service).Exchange Servers (running on Windows 2003) (please verify in your environment).SQL Servers (running on Windows 2003) (please verify in your environment).Windows Server 2003 Service Pack 1 Installed.Windows XP Computers with No Service Pack Installed.Windows XP Computers with Service Pack 1 Installed.Windows XP Computers with Service Pack 2 Installed.Active Directory - Saved Queries (ADUC MMC)
0 Comments
Leave a Reply. |