Saved queries is a function in the Active Directory users and Computers MMC. It lets you create and save queries that can be used later.

1. Open Active Directory Users and Computers

2. Rick click “Saved Queries” then select “New” then “Query”

3. Name the Query

In this example I named it “All Locked out User Accounts”

4. Click “Define Query”

5. Select “Custom Search”

Click the “Advanced tab”

6.In the box copy and paste this query string below

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))

Then click “OK”

You will now have a saved query that can be used over and over again.

That’s how you create a saved query to find locked accounts. This query will be saved and used repeatedly to find locked accounts.

Methods 2: PowerShell

Using PowerShell to find all the locked user accounts is a simple command.

1. Open PowerShell

2. From the PowerShell command line type the following command:

Search-ADAccount -LockedOut

You can see this returns the same users as my saved query.

Both methods are great for quickly finding all the locked accounts in Active Directory. Either method will make administration more efficient and may reveal some suspicious activity in AD.