An Active Directory user account that has not been used for a long time may expire without the user or the administrator knowing. Writing a script to search for expired accounts or accounts with expired passwords is tedious. This may be why Joe Richard of JoeWare.net released the FindExpAcc tool.
FindExpAcc is a command-line tool. It queries the local LDAP server for expired accounts and returns the results in comma-separated format. The search covers both expired accounts and accounts with expired passwords. The tool also provides a number of command-line options, which are briefly described below:
Skipforced: Do not display accounts whose passwords have expired due to administrator intervention.
Pwd: Check for password expiry only, without checking account expiry.
Dsq: Print only the DNS referenced in the response.
Days n: Check the records of the past n days to see which accounts expire at that time. Note: This function only takes a fixed 24-hour period for forward queries and cannot start from a specified day. Also note that when the day count is displayed as a negative number, it indicates the number of days that have already expired.
T n: The connection timeout (default value: 120 seconds).
Excldn nn: Provide a set of strings used to filter matching objects out of the output data.
S scope: Change the LDAP search scope. The default value is subtree. Other values include root and individual.
H hostname: Change the default LDAP server. The server is usually determined by Active Directory. If Active Directory is not running, you must specify an Active Directory server yourself. The host name can be a machine name or an IP address.
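For comparison, this added Python sketch (not FindExpAcc's code and not from JoeWare) shows the attribute arithmetic a hand-written script needs for the account, Pwd, Skipforced and Days checks described above, including the negative day count. It assumes the standard Active Directory attributes accountExpires, pwdLastSet and userAccountControl have already been read into dictionaries, takes the domain's maximum password age as a parameter, and treats Days as a look-ahead window; the function names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "never expires"
DONT_EXPIRE_PASSWD = 0x10000      # userAccountControl flag: password never expires

def to_filetime(dt):
    """datetime -> Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    """Windows FILETIME -> timezone-aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def expired(records, now, max_pwd_age_days, days=0, pwd=False, skipforced=False):
    """Return (dn, days_left) rows; a negative days_left means already expired."""
    rows = []
    for r in records:
        if pwd:
            if r["userAccountControl"] & DONT_EXPIRE_PASSWD:
                continue
            if r["pwdLastSet"] == 0:          # admin forced a change at next logon
                if not skipforced:
                    rows.append((r["dn"], None))   # no expiry date to count from
                continue
            expiry = from_filetime(r["pwdLastSet"]) + timedelta(days=max_pwd_age_days)
        else:
            if r["accountExpires"] in NEVER:
                continue
            expiry = from_filetime(r["accountExpires"])
        left = (expiry - now) // timedelta(days=1)   # whole days, floored
        if left <= days:
            rows.append((r["dn"], left))
    return rows

# Constructed sample records (not real directory data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ago = lambda d: to_filetime(NOW - timedelta(days=d))
SAMPLE = [
    {"dn": "CN=alice,DC=example,DC=test", "accountExpires": ago(3),
     "pwdLastSet": ago(10), "userAccountControl": 0x200},
    {"dn": "CN=bob,DC=example,DC=test", "accountExpires": 0,
     "pwdLastSet": ago(100), "userAccountControl": 0x200},
    {"dn": "CN=carol,DC=example,DC=test", "accountExpires": 0x7FFFFFFFFFFFFFFF,
     "pwdLastSet": 0, "userAccountControl": 0x200},
    {"dn": "CN=svc-backup,DC=example,DC=test", "accountExpires": ago(-5),
     "pwdLastSet": ago(400), "userAccountControl": 0x10200},
]
```

The service account in the sample is skipped by the password check because its password is flagged as never expiring, which is worth reviewing separately since such accounts never appear in a password-expiry report.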