This script will display all user accounts in AD that have expired, including service accounts unless you have a field called EmployeeType set to Service.
<?php
$ds = ldap_connect("server-dc.global.domain.com");
$OU = "OU=My Company, DC=global, DC=domain, DC=com";
$OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807)))";
if ($ds)
{
$r = ldap_bind($ds, "domain\eldap", "password");
if($r)
{
$sr = ldap_search($ds, $OU, $OUQuery);
$info = ldap_get_entries($ds, $sr);
for ($i=0; $i<$info["count"]; $i++)
{
for ($x=0; $x<$info[$i]["count"]; $x++)
echo "<B>".$info[$i][$x].":</b> ". $info[$i][$info[$i][$x]][0]."<br>";
echo "<HR>\n";
}
}
ldap_close($ds);
}
?>
You can also set a limit on how far back you’d like to go by using the following instead
<?php
$ds = ldap_connect("server-dc.global.domain.com");
$OU = "OU=My company, DC=global, DC=domain, DC=com";
$newExpiration = time();
$newExpiration += 11644524000;
$newExpiration *= 10000000;
$OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(accountExpires<=".sprintf ("%.0f", $newExpiration)."))";
if ($ds)
{
$r = ldap_bind($ds, "domain\eldap", "password");
if($r)
{
$sr = ldap_search($ds, $OU, $OUQuery);
$info = ldap_get_entries($ds, $sr);
for ($i=0; $i<$info["count"]; $i++)
{
for ($x=0; $x<$info[$i]["count"]; $x++)
echo "<B>".$info[$i][$x].":</b> ". $info[$i][$info[$i][$x]][0]."<br>";
echo "<HR>\n";
}
}
ldap_close($ds);
}
?>
Or you can update the script to have the following code which will let you specify the date range (start and end) for the selection. The below values are submitted via a standard form via GET Method.
$wcE = $PHPtime;
$wcS = $PHPtime - (6 * 4 * 7 * 24 * 60 * 60);
if(isset($_GET["wcS"]))
$wcS = $_GET["wcS"];
else
$wcS = date("Ymd", $wcS);
if(isset($_GET["wcE"]))
$wcE = $_GET["wcE"];
else
$wcE = date("Ymd", $wcE);
$OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(accountExpires>=".StringDateToNumber($wcS).") (accountExpires<=".StringDateToNumber($wcE)."))";
function StringDateToNumber($val)
{ // Date format should be YYYYMMDD
$Year = substr($val,0,4);
$Month = substr($val,4,2);
$Day = substr($val,6,2);
$tt = @gmmktime(12, 0, 0, $Month, $Day, $Year);
$tt += 11644524000;
$tt *= 10000000;
return sprintf ("%.0f", $tt);
}