Hello everyone,
I am writing a script that retrieves some Active Directory users, and writes them to a text-file. In this script, i used a filter to retrieve only the users which have the 'PasswordNeverExpires' attribute. I've learned that this attribute, along with others, is stored in the 'userAccountControl' attribute.
When i checked our AD users in an LDAP browser, i noticed that 80% of our users don't have a userAccountControl attribute, thus also no 'PasswordNeverExpires' ?! Then i checked some users in Server Manager, and they all do have the PasswordNeverExpires property enabeled, so no problem there. Does anybody know how this is possible?
I also noticed that all our users who do have a 'userAccountControl' attribute, are in an administrator group. Could this have something to do with that? Our LDAP runs on a Windows 2008 server.
Many thanks in advance,
Bookmarks