AD Security Feature you should know about

As the title of this site states, it is a real battle to keep up with the technology and an even bigger challenge to have a life along with that effort. On a fairly regular basis now I realize this when a standard feature of a widely available tool or technology is virtually unknown and therefore unused. I am pretty sure that queries in Active Directory fall into this category.

In Active Directory Users and Computers you can create custom queries through the MMC that can help you track down security problems that are very work-intensive to find manually. In the Common Queries dialog you can even check a box to search for non-expiring passwords and disabled accounts. Disabled accounts aren’t very interesting since the UI already gives you that list when you browse AD, but accounts set to bypass the password expiration rules are a perfect way for an outgoing administrator to create and preserve a backdoor.
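The same audit can be scripted so it runs on a schedule instead of by hand. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the caller can read the domain, and the output file name is a placeholder.

```powershell
# Added example: report enabled accounts whose passwords never expire.
Import-Module ActiveDirectory

# userAccountControl bits: 0x10000 (65536) = DONT_EXPIRE_PASSWORD,
#                          0x2             = ACCOUNTDISABLE.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=65536)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$props = 'PasswordLastSet', 'LastLogonDate', 'whenCreated',
         'whenChanged', 'adminCount', 'Description'

$report = Get-ADUser -LDAPFilter $filter -Properties $props |
    Select-Object SamAccountName,
        # adminCount = 1 marks accounts that are, or once were, in a protected admin group.
        @{ Name = 'Privileged'; Expression = { $_.adminCount -eq 1 } },
        # Empty when the password has never been set.
        @{ Name = 'PasswordAgeDays'; Expression = {
            if ($_.PasswordLastSet) {
                [int]((Get-Date) - $_.PasswordLastSet).TotalDays
            }
        } },
        LastLogonDate, whenCreated, whenChanged, Description |
    # Privileged accounts first, then oldest passwords first.
    Sort-Object -Property @{ Expression = 'Privileged'; Descending = $true },
                          @{ Expression = 'PasswordAgeDays'; Descending = $true }

# Placeholder output path; review the privileged rows and recently changed accounts first.
$report | Export-Csv -Path .\nonexpiring-enabled-accounts.csv -NoTypeInformation
$report | Format-Table -AutoSize
```

The `$filter` string is a plain LDAP filter, so it can also be used as a custom query in Active Directory Users and Computers. Comparing successive CSV exports shows when a new account gains the flag, which is the change worth checking after an administrator leaves.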

Check it out, who knows what else you might find in there!
