Posts Tagged ‘accounts locked out’

Most of these are pretty simple and should be setup and reviewed on a regular basis by Administrators responsible for Active Directory environments.  Here is an easy way to save the queries in AD.

Capture

Admin Groups

1. Right click Saved Queries–>Select New Query–>Type a Name and select the Domain, Include all Subcontainers

2. Select Define Query–>Advanced Tab

3. Add Field = Member Of, Condition Is (exactly), Value = CN=Administrators,CN=Builtin,DC=<type domain name>,DC=com

4. Save

Disabled Accounts

1. Right click Saved Queries–>Select New Query–>Type a Name and select the Domain, Include all Subcontainers

2. Select Define Query–>Check “Disabled Accounts”

3. Save

Non-Expiring Pwd

1. Right click Saved Queries–>Select New Query–>Type a Name and select the Domain, Include all Subcontainers

2. Select Define Query–>Check “Non Expiring Passwords”

3. Save

Accounts Locked Out

1. Right click Saved Queries–>Select New Query–>Type a Name and select the Domain, Include all Subcontainers

2. Select Define Query–>Advanced Tab

3. Select Custom Search at the top and enter the following LDAP query

(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))

4. Save