Inactive Accounts in AD

There are many ways to find inactive accounts in Active Directory (i.e. computer or user accounts that have not logged to the domain for an extended period of time).”

There are many ways to accomplish the task.TechNet script center has a fair amount of scripts that deal with the problem:

However, in this post I’d like to shed some light  on a different method using the GUI instead of the command line.

You can use “Active Directory administrative center” (available in Windows 2008 R2 and above) to list inactive accounts.

From “global search”, select “add criteria” then “users with enabled accounts who have not logged on for more than this number of days”. You can modify the number of days by clicking on the number. For example, you can use the below filter to find users who have not logged on for 90 days (3 months)




You can see the equivalent LDAP query for the filter using the “convert to LDAP” radio button. Here you can also edit the LDAP query as you see fit. Note that the query makes use of the lastlogontimestamp attribute to find inactive accounts.

For a very good explanation of how lastlogontimestamp works, you can check the following article:

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”




You can also edit the LDAP query to include both user and compute accounts by changing the objectClass in the LDAP query as follows:




Afterwards, you can easily select the search results and move them all to a separate OU to delete them later.


Make a New Storage Group and Mailbox Database in SCC Exchange 2007

To make a new Data base in a Exchange 2007 Single Copy Cluster (SCC) you have to take care of configuring the Disk Dependencies.

To Configure the Disk Dependencies in Cluster environment, I’m sharing the following articles:

If the disk you will use to create the SG is not added in the cluster, you need to add it.

Find AD users with most of their Attributes and save the result to a CSV file

Find Users who didn’t Login for specific period and Move them to Specific OU

Maximum Message Size in Outlook Web Access

In the last post i showed the way to increase the message size for the outlook users from different exchange scopes and how to modify the registry on the client to break the outlook limitation.

Today I’m going to increase the message size limit for the OWA users.

The modification has to be done on the CAS servers using Web.config file and the Exchange Management Shell.

To reach this goal you have to modify the maxRequestLength value by following the below steps:

  • Find the Web.config files on the Client Access server on OWA and EWS directories. The default locations are <drive>\Program Files\Microsoft\ExchangeServer\ClientAccess\Owa  and  <drive>\Program Files\Microsoft\ExchangeServer\ClientAccess\exchweb\ews

  • Make a backup copy of the file.

  • Use Notepad or another text editor to open the original file. Do not use Internet Information Services (IIS) to edit the Web.config file.

  • Find the maxRequestLength value, and change it to the value that you want. The value is in kilobytes (KB), and the default value is 30000.

    <httpRuntime maxRequestLength="70000" />


  • Save and close the files

  • open the command prompt and run the following:
         cd \Windows\System32\inetsrv
    appcmd set config "Default Web Site/ews" -section:requestFiltering -requestLimits.maxAllowedContentLength:value
    appcmd set config "Default Web Site/owa" -section:requestFiltering -requestLimits.maxAllowedContentLength:value




  • do iisreset




  • Increase Message Size Limit in Exchange 2007 sp1 ( For Outlook Users )

    By default the message size limit is 10 MB for sending and receiving, what we are going to do is to increase this limit to make it 70 MB.

    here what  I’m going to do is for outlook users, (for OWA users will be in different post)

    The modifications have to be done on different levels:

    • Organization Level:

    The settings here will affect all exchange servers on the organization.

    Organization Configuration -> Hub Transport -> Global Settings tab ->  Transport Settings -> Properties -> set Maximum Receive Size and Maximum Send Size



    Read the rest of this entry »

    Error ID 1053 couldn’t Start the Update Services

    I had a problem with my down stream WSUS server, which it was not synchronizing with the Upstream server , i found that the update service is not started , when i tried to start it i got this error:

    couldn’t Start the Update Services on local computer

    Error ID 1053: The service didn’t respond to the start or control request in timely fashion

    The solution was to modify the  ServicesPipeTimeout entry on the registry:

    • Click Start, click Run, type regedit, and then click OK.
    • Locate and then click the following registry subkey:


    • In the right pane, locate the ServicesPipeTimeout entry.

    If the ServicesPipeTimeout entry does not exist, you must create it. To do this, follow these steps:

    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type ServicesPipeTimeout, and then press ENTER.
    • Right-click ServicesPipeTimeout, and then click Modify.
    • Click Decimal, type 60000, and then click OK.

    This value represents the time in milliseconds before a service times out.

    • Restart the computer.