This script will display all user accounts in AD that have expired, including service accounts unless you have a field called EmployeeType set to Service.
<?php $ds = ldap_connect("server-dc.global.domain.com"); $OU = "OU=My Company, DC=global, DC=domain, DC=com"; $OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807)))"; if ($ds) { $r = ldap_bind($ds, "domain\eldap", "password"); if($r) { $sr = ldap_search($ds, $OU, $OUQuery); $info = ldap_get_entries($ds, $sr); for ($i=0; $i<$info["count"]; $i++) { for ($x=0; $x<$info[$i]["count"]; $x++) echo "<B>".$info[$i][$x].":</b> ". $info[$i][$info[$i][$x]][0]."<br>"; echo "<HR>\n"; } } ldap_close($ds); } ?>
You can also set a limit on how far back you’d like to go by using the following instead
<?php $ds = ldap_connect("server-dc.global.domain.com"); $OU = "OU=My company, DC=global, DC=domain, DC=com"; $newExpiration = time(); $newExpiration += 11644524000; $newExpiration *= 10000000; $OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(accountExpires<=".sprintf ("%.0f", $newExpiration)."))"; if ($ds) { $r = ldap_bind($ds, "domain\eldap", "password"); if($r) { $sr = ldap_search($ds, $OU, $OUQuery); $info = ldap_get_entries($ds, $sr); for ($i=0; $i<$info["count"]; $i++) { for ($x=0; $x<$info[$i]["count"]; $x++) echo "<B>".$info[$i][$x].":</b> ". $info[$i][$info[$i][$x]][0]."<br>"; echo "<HR>\n"; } } ldap_close($ds); } ?>
Or you can update the script to have the following code which will let you specify the date range (start and end) for the selection. The below values are submitted via a standard form via GET Method.
$wcE = $PHPtime; $wcS = $PHPtime - (6 * 4 * 7 * 24 * 60 * 60); if(isset($_GET["wcS"])) $wcS = $_GET["wcS"]; else $wcS = date("Ymd", $wcS); if(isset($_GET["wcE"])) $wcE = $_GET["wcE"]; else $wcE = date("Ymd", $wcE); $OUQuery = "(&(objectCategory=Person)(objectClass=User)(!(employeetype=*ervice))(!(accountExpires=0))(!(accountExpires=9223372036854775807))(accountExpires>=".StringDateToNumber($wcS).") (accountExpires<=".StringDateToNumber($wcE)."))"; function StringDateToNumber($val) { // Date format should be YYYYMMDD $Year = substr($val,0,4); $Month = substr($val,4,2); $Day = substr($val,6,2); $tt = @gmmktime(12, 0, 0, $Month, $Day, $Year); $tt += 11644524000; $tt *= 10000000; return sprintf ("%.0f", $tt); }