How is is possible to create a managed unit or query that shows all users who have Password Never Expires (edsaPasswordNeverExpires) set to TRUE?
Active Directory stores this setting as a userAccountControl bitwise hash. This can be queried using the following LDAP string:
(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
NOTE: The :1.2.840.113556.1.4.803: is a special LDAP OID which is also known as LDAP_MATCHING_RULE_BIT_AND
For more information on the userAccountControl attribute, see this Microsoft resource.
To turn this query into a Managed Unit:
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center