daisy
Reputation: 23571
Pure ldap query to search useraccountcontrol with DONT_EXPIRE_PASSWORD flag set
I'm trying to use ldapsearch command to search for accounts with DONT_EXPIRE_PASSWD flag set:
Since LDAP query syntax does not support binary AND op, what should I use on userAccountControl property?
I can't use Get-AdUser PowerShell commandlet, I need an LDAP query.
Upvotes: 2
Views: 964
Answers (1)
daisy
Reputation: 23571
LDAP does support a binary AND operation, e. g.:
(&(objectCategory=Person)(UserAccountControl:1.2.840.113556.1.4.803:=65536))
Where 1.2.840.113556.1.4.803, also known as the LDAP_MATCHING_RULE_BIT_AND, is the binary AND operation.
Upvotes: 1
Related Questions
- Active Directory LDAP Search Filter or operator syntax
- Find when password expires with ldapsearch
- Get-ADUser -LDAPFilter using AND and OR
- LDAPSoft AD Browser SQL LDAP query filter based on UserPasswordExpiryTimeComputed
- Active Directory Query using LDAP Query in custom search
- How to apply additional search query to LDAP
- bash ldap search - variable as filter
- LDAP query to return user
- LDAP only inactive users query
- Active Directory Custom Search LDAP query