LDAP Filter to find accounts not set to expire in Microsoft Active Directory

In order to show accounts that are not set to expire you will need to use the below LDAP filter.

Accounts that don’t expire:

(&(objectCategory=person)(objectClass=user)(|(accountExpires=9223372036854775807)(accountExpires=0)))

 Accounts that have an expiration date:

(&(objectCategory=person)(objectClass=user)(&(!accountExpires=9223372036854775807)(!accountExpires=0)))

About the accountExpires attribute

Account-Expires Attribute

The date when the account expires. This value represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

http://msdn2.microsoft.com/en-us/library/ms675098(VS.85).aspx

Comments are closed.

Sign in
classic
Forgot password?
×
Sign up

(*) Required fields

I agree with OptimaSales Terms & Privacy Policy

×