
5 Saved Queries to simplify Active Directory administration
In this article I will show you how to build 5 Saved Queries in Active Directory Users and Computers that will make user management a little less painful.
Using Saved Queries, you will be able to quickly see which users are locked out, whose password has expired and who needs to change their password at next login. This article is for IT System Administrators tasked with managing Active Directory Domains.
Before we get started, I want to point out an important bit of information about using Saved Queries. Each time you navigate to a Saved Query, you will need to refresh it to make the query rerun. You can do this by pressing the F5 key or by right-clicking on the saved query and choosing “Refresh”.
1) Accounts: Locked Out Users
List currently locked out users. This query is helpful when troubleshooting user login issues. Rather than digging through Event Logs or finding the user's account in AD, the user will just show up in this list.
2) Accounts: Non-Expiring Passwords
List users that have the “Password never expires” option ticked.
3) Accounts: Never Logged in
List user accounts that have never logged in.
4) Accounts: Needing to change password on next login
This query will list user accounts that are required to change their password at next login.
5) Accounts: Password Expired
This query will list user accounts whose password has expired.
These queries were created and used on a Windows Server 2008 R2 machine. I have not tested them on Server 2012 or Server 2016 but they should work just fine.
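The same five lists can also be pulled from PowerShell, which is handy for scheduled reviews of stale or weakly protected accounts. This is an added example, not the saved-query definitions from this article: the LDAP filters and the use of `Search-ADAccount` for lockout and expiry are assumptions, and it requires the ActiveDirectory module (RSAT) and read access to the domain.

```powershell
# Added example: PowerShell equivalents of the five lists above.
# Not the article's saved-query XML; the filters below are assumed equivalents.
Import-Module ActiveDirectory

$userBase = '(objectCategory=person)(objectClass=user)'

# Lists that a plain LDAP filter can express.
$ldapQueries = [ordered]@{
    # userAccountControl bit 65536 (0x10000) is DONT_EXPIRE_PASSWORD
    'Non-Expiring Passwords' = "(&${userBase}(userAccountControl:1.2.840.113556.1.4.803:=65536))"
    # lastLogonTimestamp is replicated between DCs (lastLogon is not);
    # an absent value means no logon has been recorded
    'Never Logged In'        = "(&${userBase}(!(lastLogonTimestamp=*)))"
    # pwdLastSet is 0 while "User must change password at next logon" is set
    'Must Change Password'   = "(&${userBase}(pwdLastSet=0))"
}

$report = @(
    foreach ($name in $ldapQueries.Keys) {
        Get-ADUser -LDAPFilter $ldapQueries[$name] |
            Select-Object @{ n = 'Query'; e = { $name } },
                SamAccountName, Enabled, DistinguishedName
    }

    # Lockout and expiry depend on domain policy (lockout duration,
    # maximum password age), so let Search-ADAccount evaluate them.
    Search-ADAccount -LockedOut -UsersOnly |
        Select-Object @{ n = 'Query'; e = { 'Locked Out Users' } },
            SamAccountName, Enabled, DistinguishedName

    Search-ADAccount -PasswordExpired -UsersOnly |
        Select-Object @{ n = 'Query'; e = { 'Password Expired' } },
            SamAccountName, Enabled, DistinguishedName
)

# One table, grouped by list name.
$report | Sort-Object Query, SamAccountName | Format-Table -AutoSize
```

A bare `lockoutTime>=1` LDAP filter would also return accounts whose lockout has already timed out, which is why the example leaves that list to `Search-ADAccount`.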
Download all 5 Saved Queries from this article here:
jcutrer.com-saved-query-definitions.zip
How to Import Saved Query Definitions
- Download and extract the zip file linked above
- Open “Active Directory Users and Computers”
- Right-click on “Saved Queries” and choose “Import Query Definition”
- Browse to and choose the first xml file
- Repeat the above steps for each Query Definition