I want to find the list of users whose accounts are set to "cannot change password". How can I find them with an LDAP query? A script is also appreciated. I just need to find the list.
- Copy-pasting the title into the question and hitting "post" is your level of effort? – Tomalak Nov 14 '20 at 06:53
- Tell us what you have tried and show logs or results, and read: https://stackoverflow.com/help/how-to-ask – jwilleke Nov 14 '20 at 08:42
1 Answer
This LDAP search filter should find what you have asked:
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=64))
This works due to the Bitwise operation Extensible Match Rules provided within Active Directory.

jwilleke
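An added example, not part of the answer above: a small Python model of how the bitwise extensible-match rule in that filter is evaluated, run against constructed directory entries. The sample accounts and helper names are assumptions made for illustration. It also covers the companion OR rule (OID ending in .804), which the answer does not use.

```python
import re

# Matching-rule OIDs Active Directory supports for bitwise tests.
BIT_AND = "1.2.840.113556.1.4.803"  # true when every bit of the mask is set
BIT_OR = "1.2.840.113556.1.4.804"   # true when at least one bit of the mask is set

# A few userAccountControl flags from Microsoft's documented flag table.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0040: "PASSWD_CANT_CHANGE",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}

# Matches items of the form (attribute:oid:=decimalValue).
ASSERTION = re.compile(r"\((\w+):([\d.]+):=(\d+)\)")

ANSWER_FILTER = ("(&(objectCategory=person)(objectClass=user)"
                 "(userAccountControl:1.2.840.113556.1.4.803:=64))")

# Constructed sample entries (not real accounts).
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 512},
    {"sAMAccountName": "svc-backup", "userAccountControl": 66112},
    {"sAMAccountName": "kiosk", "userAccountControl": 576},
    {"sAMAccountName": "bob", "userAccountControl": 514},
]

def parse_bitwise_assertions(ldap_filter):
    """Return (attribute, oid, mask) for each extensible-match item."""
    return [(a, oid, int(v)) for a, oid, v in ASSERTION.findall(ldap_filter)]

def matches(entry, attribute, oid, mask):
    """Evaluate one bitwise assertion against an entry (attribute -> int)."""
    if attribute not in entry:
        return False  # an absent attribute never satisfies the assertion
    value = entry[attribute]
    if oid == BIT_AND:
        return (value & mask) == mask
    if oid == BIT_OR:
        return (value & mask) != 0
    raise ValueError(f"unsupported matching rule {oid}")

def decode_uac(value):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def search(entries, ldap_filter):
    """Account names satisfying every bitwise item in the filter.
    The objectCategory/objectClass items are ignored in this model."""
    items = parse_bitwise_assertions(ldap_filter)
    return [e["sAMAccountName"] for e in entries
            if all(matches(e, a, oid, m) for a, oid, m in items)]
```

With a multi-bit mask the two rules differ: a mask of 66 under the AND rule requires both bit 2 and bit 64, while under the OR rule either bit is enough.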