Skip navigation
Menu
Compute Engines

Q. How can I query all user accounts for a specific account expiration date?

The account expiration date is stored in the accountExpires attribute and contain a date and time as a 64-bit number, like 126822420000000000.

It is possible to use DsQuery to retrieve all user records, converting accountExpires to a date and time before testing, or you can use a LDAP query to retrieve all the records, but you still have to convert accountExpires to a date and time.

If you use ADFind.exe, you can take advantage of the -binenc and -tdcs switches,like:

adfind -default -nodn -csv -tdcs -binenc -f "&(objectcategory=Person)(accountexpires>=\{\{LOCAL:2002/11/20\}\})(accountexpires
which produces the following output in my domain: 
"distinguishedName","sAMAccountName","accountExpires"
"CN=Jane Doe,CN=Users,DC=JSIINC,DC=COM","Jane.Doe","2002/11/21-01:00:00 Eastern Daylight Time"
"CN=JohnDoe,OU=OU_TEST,DC=JSIINC,DC=COM","John.Doe","2002/11/20-01:00:00 Eastern Daylight Time"
NOTE: Because accountExpires contains date and time, you must search a range of values.


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023