5 Saved Queries to simplify Active Directory administration

In this article I will show you how to build 5 Saved Queries in Active Directory Users and Computers that will make user management a little less painful.


Active Directory Screenshot

Using Saved Queries, you will be able to quickly see which users are locked out, whose password has expired and who needs to change their password at next login. This article is for IT System Administrators tasked with managing Active Directory Domains.

Before we get started, I want to point out an important bit of information about using Saved Queries. Each time you navigate to a Saved Query, you will need to refresh it to trigger the query to rerun. You can accomplish this by pressing the F5 key or by right-clicking on the saved query and choosing “Refresh”.

Saved Query: Right Click Refresh

1) Accounts: Locked Out Users

List currently locked out users. This query is helpful when troubleshooting user login issues. Rather than digging through Event Logs or finding the user's account in AD, the user will just show up in this list.

Custom Query Edit Screenshot

Custom Query Edit Screenshot


2) Accounts: Non-Expiring Passwords

List users that have the “Password never expires” option ticked.

Non-Expiring Passwords Screenshot

password never expires ldap query


3) Accounts: Never Logged in

List user accounts that have never logged in.

Saved Query Edit Screenshot

Never Logged In LDAP Query


4) Accounts: Needing to change password on next login

This query will list user accounts that are required to change their password at next login.

Saved Query Edit Screenshot

Saved Queries Change Password Next Login


5) Accounts: Password Expired

This query will list user accounts whose password has expired.

Custom Query Edit Screenshot

Custom LDAP Query Screenshot


These queries were created and used on a Windows Server 2008 R2 machine. I have not tested them on Server 2012 or Server 2016 but they should work just fine.
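The query strings themselves are not reproduced in the text above, so here is an added example (not the article's own query definitions) that generates commonly used LDAP filters for the same five checks. The 90-day maximum password age and 30-minute lockout duration are assumed values; replace them with your domain's policy.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
USER = "(objectCategory=person)(objectClass=user)"
# Bitwise-AND matching rule against DONT_EXPIRE_PASSWORD (0x10000 = 65536).
NEVER_EXPIRES = "(userAccountControl:1.2.840.113556.1.4.803:=65536)"


def to_filetime(moment):
    """Convert an aware datetime to FILETIME (100 ns ticks since 1601 UTC)."""
    if moment.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def build_filters(now, max_pwd_age_days, lockout_minutes):
    """Return LDAP query strings for the five checks, keyed by name.

    Both policy arguments are assumptions to replace with the values from
    your domain policy; fine-grained password policies are not considered.
    """
    expired_before = to_filetime(now - timedelta(days=max_pwd_age_days))
    # lockoutTime stays set after the lockout window has passed, so bound
    # it. A duration of 0 means "until an administrator unlocks".
    locked_since = 1
    if lockout_minutes > 0:
        locked_since = to_filetime(now - timedelta(minutes=lockout_minutes))
    return {
        "Locked Out Users": f"(&{USER}(lockoutTime>={locked_since}))",
        "Non-Expiring Passwords": f"(&{USER}{NEVER_EXPIRES})",
        # lastLogonTimestamp is not set until the first logon.
        "Never Logged in": f"(&{USER}(!(lastLogonTimestamp=*)))",
        # pwdLastSet=0 is how "must change at next logon" is stored.
        "Change Password Next Login": f"(&{USER}(pwdLastSet=0))",
        # Excludes pwdLastSet=0 (query 4) and non-expiring accounts (query 2).
        "Password Expired": (
            f"(&{USER}(pwdLastSet>=1)(pwdLastSet<={expired_before})"
            f"(!{NEVER_EXPIRES}))"
        ),
    }


if __name__ == "__main__":
    # Constructed policy values: 90-day password age, 30-minute lockout.
    now = datetime.now(timezone.utc)
    for name, ldap in build_filters(now, 90, 30).items():
        print(f"{name}:\n  {ldap}")
```

Each string can be pasted into a saved query's Custom Search, Advanced tab. The two filters that embed a timestamp are fixed at generation time, so regenerate them when you need current results.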

Download all 5 Saved Queries from this article here:

jcutrer.com-saved-query-definitions.zip

How to Import Saved Query Definitions

  1. Download and extract the zip file linked above
  2. Open “Active Directory Users and Computers”
  3. Right-click on “Saved Queries” and choose “Import Query Definition”
  4. Browse to and choose the first XML file
  5. Repeat the above steps for each Query Definition
