What is the correct command in ADFind to list last login date for all domain users who have been disabled? And to write it out to text file. Regards

The following outputs sAMAccountName (pre-Windows 2000 logon name) and lastLogonTimeStamp for all disabled users in the domain, and redirects to a text file: adfind -b dc=MyDomain,dc=com -f "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))" sAMAccountName lastLogonTimeStamp This assumes your domain is at Windows Server 2003 functional level or above. I would need to read the syntax help for adfind to see if there is a more compact filter for disabled users, but the above is a standard LDAP filter. It could also be used with dsquery * -filter. Richard Mueller - MVP Directory Services