Retrieving User accounts that are not required to change the password can be done by querying the edsaPasswordNeverExpires Boolean attribute. If it is set to TRUE, then the account is not required to change its associated password.
If LDAPFilter is being used, it is not possible to use any attributes which start with edsa, as they are computed. Instead, search for the Microsoft binary value of (userAccountControl:1.2.840.113556.1.4.803:=65536) in order to return accounts which are not required to change their password.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center