LDAP Filter to find accounts not set to expire in Microsoft Active Directory

In order to show accounts that are not set to expire you will need to use the below LDAP filter.

Accounts that don’t expire:

(&(objectCategory=person)(objectClass=user)(|(accountExpires=9223372036854775807)(accountExpires=0)))

Accounts that have an expiration date:

(&(objectCategory=person)(objectClass=user)(&(!accountExpires=9223372036854775807)(!accountExpires=0)))

About the accountExpires attribute

Account-Expires Attribute

The date when the account expires. This value represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

http://msdn2.microsoft.com/en-us/library/ms675098(VS.85).aspx

General

LDAP Filter to find accounts not set to expire in Microsoft Active Directory

Accounts that don’t expire:

Accounts that have an expiration date:

About the accountExpires attribute

Don‘t Miss Out on The Latest Innovation and Support

Accounts that don’t expire:

Accounts that have an expiration date:

About the accountExpires attribute

Login