I want to query Active Directory from SQL Server like this, but retrieving only current users. I presume the way to do this is to check the 'accountExpires' field.

This is made slightly tricky since dates in AD are stored as the number of 100-nanosecond intervals since January 1, 1601 (UTC). In the accountExpires field a value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

Does anyone have some code for doing this date conversion, or another technique for querying active users - maybe some LDAP syntax?

So I want something like:

SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND ( accountExpires = 0 
   OR accountExpires > Now() )')

or replacing Now() with some SQL-converted getdate().
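
An added example, not part of the original question: the date conversion described above, written in T-SQL and checked against constructed sample rows instead of a live directory. The table variable, the account names and the `@sql` string are assumptions for illustration; whether the ADSI provider accepts the numeric comparison on accountExpires is not verified here, so the query is only printed.

```sql
-- Added example; sample rows are constructed, not real directory data.
DECLARE @epoch datetime2(0) = '1601-01-01T00:00:00';  -- AD timestamp epoch (UTC)
DECLARE @never bigint = 9223372036854775807;          -- 0x7FFFFFFFFFFFFFFF

-- Current UTC time in 100 ns intervals since 1601. DATEDIFF(SECOND, ...) over
-- this range overflows int, so count minutes and scale by 60 s * 10,000,000.
DECLARE @now_ft bigint =
    CAST(DATEDIFF(MINUTE, @epoch, SYSUTCDATETIME()) AS bigint) * 600000000;

DECLARE @sample TABLE (sAMAccountName sysname, accountExpires bigint);
INSERT INTO @sample VALUES
    (N'alice', 0),                    -- never expires
    (N'bob',   @never),               -- never expires
    (N'carol', 132223104000000000),   -- 2020-01-01 00:00 UTC (already expired)
    (N'dave',  157469184000000000);   -- 2100-01-01 00:00 UTC (still current)

SELECT sAMAccountName,
       accountExpires,
       -- Reverse conversion; both "never" values map to NULL, and TRY_CAST
       -- keeps an out-of-range value from raising an overflow in DATEADD.
       CASE WHEN accountExpires IN (0, @never) THEN NULL
            ELSE DATEADD(MINUTE,
                         TRY_CAST(accountExpires / 600000000 AS int),
                         @epoch)
       END AS expires_utc,
       CASE WHEN accountExpires IN (0, @never)
              OR accountExpires > @now_ft THEN 1 ELSE 0
       END AS is_current
FROM @sample;

-- OPENQUERY takes only a literal string, so the computed value has to be
-- concatenated into dynamic SQL. The value comes from a bigint, so it is
-- digits only. The query text is the one from the question with Now()
-- replaced; it is printed here, not executed.
DECLARE @sql nvarchar(max) =
    N'SELECT * FROM OPENQUERY(ADSI, ''SELECT sAMAccountName '
  + N'FROM ''''LDAP://DC=MyDC,DC=com,DC=uk'''' '
  + N'WHERE objectCategory = ''''Person'''' AND objectClass = ''''user'''' '
  + N'AND (accountExpires = 0 OR accountExpires = ' + CAST(@never AS nvarchar(20))
  + N' OR accountExpires > ' + CAST(@now_ft AS nvarchar(20)) + N')'')';
PRINT @sql;
```

The result set marks alice, bob and dave as current and carol as expired; the comparison is accurate to the minute because the current time is truncated to whole minutes before scaling.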