deadcow

浏览: 51193 次
性别:
来自: JM&ZH&HK

最近访客更多访客>>

longlongkong

xchao

joe01

zjy7554

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

M$ AD User view

博客分类：

LDAP

Access

AD Users View

All Users
It provides the details of all the users in the selected scope.

How it works: This view is generated by querying the Directory Service with the filter
“(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370))”

Users without Managers
It provides the list of users who do not have any managers assigned to them.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!manager=*))"

Manager Based Users
It provides the list of users that directly report to the selected user (Manager). The users listed in report are those who have the manager property set to this selected user.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(manager=managerDN))"

Users in more than One Group
It provides the details of users who belong to more than one group.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(memberOf=*))"

Recently Created Users
It provides the details of the user accounts created recently.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(createTimeStamp>=givenTime))"

Recently Modified Users
It generates the lists of user accounts modified recently.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(modifyTimeStamp>=givenTime))"

Dial-in Allow Access
It generates the list of users who have access to dial-in.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(msNPAllowDialin=TRUE))"

Dial-in Deny Access
It generates the list of users who don’t have access to dial-in.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(msNPAllowDialin=FALSE)(!msNPAllowDialin=*)))"

Users with Logon Script
It generates the list of users who have logon scripts. Logon scripts are those which run automatically when the user logon.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(scriptPath=*))"

Users without Logon Script
It generates the list of users who don’t have logon scripts. Logon scripts are those which run automatically when the user logon.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!scriptPath=*))"

All Deleted Users
It generates the list of all deleted users in the domain.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectClass=user)(!objectClass=computer)(isDeleted=TRUE))"

Recently Deleted Users
It generates the list of all user account deleted recently in the domain.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectClass=user)(!objectClass=computer)(isDeleted=TRUE)(whenChanged>=givenTime))"

Account Status

Disabled Users
It generates the list of all disabled user accounts.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=2))"

Locked Out Users
It generates the list of all user accounts that have been locked out.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(lockouttime>=1))"

Account Expired Users
It generates the list of all user accounts that have expired.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(accountExpires<=currentTime) )"

Recently Account Expired Users
It generates the list of all user accounts that have expired in the given number of days.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(accountExpires<=currentTime) (accountExpires>=givenTime))"

Soon-to-Expire User Accounts
It generates the list of all user accounts that will expire within the given number of days.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(!accountExpires<=currentTime )(accountExpires<=givenTime))"

Account Never Expire Users
It generates the list of all user accounts which will never expire.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(accountExpires=0)
(accountExpires=9223372036854775807)))"

Logon

Inactive Users
It generates the list of all users who have not logged on for the past 'n' days. The inactive users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(!lastlogon=*)(lastlogon<=givenTime)))"

Recently Logged on Users
It generates the list of all users who have logged during the past 'n' days. The recently logged on users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(lastlogon>=givenTime))

Users Never Logged On
It generates the list of all users who have not logged on to the domain. The Users never logged on are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(lastlogon=0)(!lastlogon=*)))"

Enabled Users
It generates the list of all enabled user accounts.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

Password

Recently Bad Logged on Users
It generates the list of all users who tried to logon with bad password.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(badPasswordTime>=givenTime))"

Users whose Password Never Expires
It generates the list of all users whose password never expires.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=65536))"

Password Expired Users
It generates the list of all users whose passwords are expired.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!userAccountControl:1.2.840.113556.1.4.803:=65536)
(!pwdLastSet=0)(pwdLastSet<=time based on maximum password age))"

Soon-to-Expire User Passwords
It generates the list of all users whose passwords will expire in ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!use rAccountControl:1.2.840.113556.1.4.803:=65536)(!pwdLastSet<={0})(pwdLastSet<=time based on maximum password age and the given time))"

Password Changed Users
It generates the list of all users whose passwords are modified during the given ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!pwdLastSet=0)(!pwdLastSet<=givenTime))"

Password Unchanged Users
It generates the list of all users whose passwords are not modified during the given ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!pwdLastSet=0)(!pwdLastSet>=givenTime))"

分享到：

Equals and HashCode | LDAP error

2008-12-11 09:55
浏览 958
评论(0)
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

M$ AD User view

AD Users View

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

M$ AD User view

AD Users View

评论

发表评论

相关推荐

LDAP access through JNDI

LDAP error

最近访客更多访客>>