M$ AD User view

AD Users View



All Users
It provides the details of all the users in the selected scope.

How it works: This view is generated by querying the Directory Service with the filter
“(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370))”

Users without Managers
It provides the list of users who do not have any managers assigned to them.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!manager=*))"

Manager Based Users
It provides the list of users that directly report to the selected user (Manager). The users listed in report are those who have the manager property set to this selected user.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(manager=managerDN))"

Users in more than One Group
It provides the details of users who belong to more than one group.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(memberOf=*))"

Recently Created Users
It provides the details of the user accounts created recently.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(createTimeStamp>=givenTime))"

Recently Modified Users
It generates the lists of user accounts modified recently.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(modifyTimeStamp>=givenTime))"

Dial-in Allow Access
It generates the list of users who have access to dial-in.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(msNPAllowDialin=TRUE))"

Dial-in Deny Access
It generates the list of users who don’t have access to dial-in.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(msNPAllowDialin=FALSE)(!msNPAllowDialin=*)))"

Users with Logon Script
It generates the list of users who have logon scripts. Logon scripts are those which run automatically when the user logon.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(scriptPath=*))"

Users without Logon Script
It generates the list of users who don’t have logon scripts. Logon scripts are those which run automatically when the user logon.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!scriptPath=*))"

All Deleted Users
It generates the list of all deleted users in the domain.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectClass=user)(!objectClass=computer)(isDeleted=TRUE))"

Recently Deleted Users
It generates the list of all user account deleted recently in the domain.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectClass=user)(!objectClass=computer)(isDeleted=TRUE)(whenChanged>=givenTime))"

Account Status

Disabled Users
It generates the list of all disabled user accounts.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=2))"

Locked Out Users
It generates the list of all user accounts that have been locked out.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(lockouttime>=1))"

Account Expired Users
It generates the list of all user accounts that have expired.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(accountExpires<=currentTime) )"

Recently Account Expired Users
It generates the list of all user accounts that have expired in the given number of days.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(accountExpires<=currentTime) (accountExpires>=givenTime))"

Soon-to-Expire User Accounts
It generates the list of all user accounts that will expire within the given number of days.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!accountExpires=0)
(!accountExpires=9223372036854775807)(!accountExpires<=currentTime )(accountExpires<=givenTime))"

Account Never Expire Users
It generates the list of all user accounts which will never expire.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(accountExpires=0)
(accountExpires=9223372036854775807)))"

Logon

Inactive Users
It generates the list of all users who have not logged on for the past 'n' days. The inactive users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(!lastlogon=*)(lastlogon<=givenTime)))"

Recently Logged on Users
It generates the list of all users who have logged during the past 'n' days. The recently logged on users are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(lastlogon>=givenTime))

Users Never Logged On
It generates the list of all users who have not logged on to the domain. The Users never logged on are determined based on their last logon time. All the domain controllers are scanned for the last logon time to ensure accuracy. If any of the DC's could not be contacted, the list generation will fail.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(|(lastlogon=0)(!lastlogon=*)))"

Enabled Users
It generates the list of all enabled user accounts.

How it works: This view is generated by querying the Directory Service with the filter
"(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

Password

Recently Bad Logged on Users

It generates the list of all users who tried to logon with bad password.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(badPasswordTime>=givenTime))"

Users whose Password Never Expires
It generates the list of all users whose password never expires.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(userAccountControl:1.2.840.113556.1.4.803:=65536))"

Password Expired Users
It generates the list of all users whose passwords are expired.

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!userAccountControl:1.2.840.113556.1.4.803:=65536)
(!pwdLastSet=0)(pwdLastSet<=time based on maximum password age))"

Soon-to-Expire User Passwords
It generates the list of all users whose passwords will expire in ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))(!use rAccountControl:1.2.840.113556.1.4.803:=65536)(!pwdLastSet<={0})(pwdLastSet<=time based on maximum password age and the given time))"

Password Changed Users
It generates the list of all users whose passwords are modified during the given ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!pwdLastSet=0)(!pwdLastSet<=givenTime))"

Password Unchanged Users
It generates the list of all users whose passwords are not modified during the given ‘n’ days

How it works: This view is generated by querying the Directory Service with the filter "(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!pwdLastSet=0)(!pwdLastSet>=givenTime))"

你可能感兴趣的:(Access)