How can I view additional information about a user in the AD Users and Computers snap-in?
If managing users and computers on Active Directory has become a burden, let SolarWinds free trio of AD Admin Tools provide you relief! With the inactive user and computer account removal tools, and the user import tool, you can manage and remove computers and users from Active Directory, and you can add users in bulk. These tools run on current Windows® versions, and are even certified with Windows 7 through a strategic relationship with Microsoft®!Download SolarWinds free trio of AD Admin Tools here >
The Windows 2003 Resource Kit has a hidden .dll file called Acctinfo.dll. After registering the .dll with the following command, it will add a new property page, called Additional Account Info, to the user properties page in Active Directory Users and Computers (or ADUC for short).
If you don't have the Windows 2003 Resource Kit Tools download it from here:
If you just want the Acctinfo.dll then download it from HERE (78kb)
After installing the Resource Kit Tools, in order to register the Acctinfo.dll enter the following command:
(change the path if you've placed the .dll in some other location)
Acctinfo.dll needs to be installed on the computer that you are accessing Active Directory Users and Computers from. If you plan to manage your domain from multiple computers, Acctinfo.dll will need to be installed on each computer.
This is what you'll see on a user's properties in AD Users and Computers:
The page includes information is not typically available in the regular Active Directory Users and Computers snap-in: The date when the user's password was last set, the user's password expiry date, the date and time when a user last logged on and off, the user's SID and GUID and more.
The User Account Control box shows the userAccountControl attribute in Active Directory. This attribute determines if the password can expire, if the user is disabled or if he needs to change his password at the next logon:
The Set PW On Site DC button will show you the user's Distinguished Name and allow you to change the password for the user on a specific DC. This can be quite useful if you need to change a password for any given user, but the PDC Emulator DC is down or unreachable for some reason.
The Just Find Site button will populate the DC and Site DNs:
regsvr32 /u %systemroot%\system32\acctinfo.dll
Note: You should note a nasty "feature" (as Microsoft sometimes calls it) - When you perform a search for a user through the regular Find function, the results won't let you see this additional information for the user's object. You'll need to manually browse to the user object and then double-click it... (I thank reader Rene Fisher for the heads-up).