5 Saved Queries to simplify Active Directory administration

5 Saved Queries to simplify Active Directory administration

In this article I will show you how to build 5 Saved Queries in Active Directory Users and Computers that will make user management a little less painful.

Active Directory Screenshot

Using Saved Queries, you will be able to quickly see which users are locked out, who’s password has expired and who needs to change their passwords at next login.  This article is for IT System Administrators tasked with managing Active Directory Domains.

Before we get started, I want to point out an important bit of information about using Saved Queries.  Each time you navigate to a Saved Query, you will need to refresh to trigger the query to rerun.  You can accomplish this by pressing the F5 key or by right-clicking on the saved query and choosing “Refresh“.

Saved Query: Right Click Refresh

1) Accounts: Locked Out Users

List currently locked out users.  This query is helpful when troubleshooting user login issues.  Rather than digging through Event Logs or finding the users account in AD, the user will just show up in this list.

Custom Query Edit Screenshot

Custom Query Edit Screenshot

2) Accounts: Non-Expiring Passwords

List users that have “Password never expires” option ticked

Non-Expiring Passwords Screenshot

password never expires ldap query

3) Accounts: Never Logged in

List user accounts that have never logged in

Saved Query Edit Screenshot

Never Logged In LDAP Query

4: Accounts: Needing to change password on next login

This query will list user accounts who are required to change their password at next login

Saved Query Edit Screenshot

Saved Queries Change Password Next Login

5: Accounts: Password Expired

This query will list user accounts who’s password has expired.

Custom Query Edit Screenshot

Custom LDAP Query Screenshot

These queries were created and used on a Windows Server 2008 R2 machine.  I have not tested them on Server 2012 or Server 2016 but they should work just fine.

Download all 5 Saved Queries from this article here:


How to Import Saved Query Definitions

  1. Download and extract the zip file linked above
  2. Open “Active Directory Users and Groups”
  3. Right-click on “Saved Queries” and choose “Import Query Definition”
  4. Browse to and choose the first xml file
  5. Repeat above steps for each Query Definition



This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ads Blocker Image Powered by Code Help Pro

🙏🙏A Humble Request to Disable AdBlock 🙏🙏

You can close this message & continue reading but...
❤️❤️❤️ Please consider visiting one of my sponsors first ❤️❤️❤️

DigitalOcean 🚀

Sign up and get a $200, 60-day credit to try DO.
Spend $25 after your credit expires and I will also get $25 in credit!
DigitalOcean Referral Badge

Pictory 🤖

Create amazing videos using Pictorys AI powered software.
Its FREE to create your first 3 video projects

Hi Reader, I noticed that you are using an ad blocker while visiting my website. While I completely understand that excessive ads can hinder your browsing experience, ad revenue helps pay for the cost associated with operating this website.

jcutrer.com is a labor of love, created with the primary aim to provide you with quality content, free of cost. It’s a space where I share information, ideas, and insights that I hope have a meaningful impact. However, maintaining and updating this platform incurs substantial costs.