Re: View expired accounts

From: Joe Richards [MVP] (
Date: 06/19/02

From: "Joe Richards [MVP]" <>
Date: Tue, 18 Jun 2002 22:54:17 -0400

Users and computers will not display that info via changed icons.

You can pull it programmatically via ADSI or if you aren't a scripter go get
either secdata or userdump from the free win32 tools page of; either tool will produce user dumps with one of the fields
displaying whether the accounts are disabled or expired or locked.

You can use the tools in combination with GREP or FIND or FINDSTR or just
pipe to text files and sort in excel.

Joe Richards
"Mary Elizabeth" <> wrote in message
> While auditing our account security, I discovered that AD
> for User sand Computers does not appear to give me any
> indication that an account has expired.  When an account
> is disabled, the icon shows a red X, but there is no
> indication for expired accounts.  I know they are working
> properly because when I try to log in with the account,
> the system returns an error that the account has been
> disabled.  So AD obviously knows the account is no longer
> active - but I can't find any way of returning that
> information via a report, or visually.  Does anyone have
> any ideas?  Or what am I missing?
> Thanks,
> Mary Elizabeth