Tuesday, August 14, 2007

Acctinfo.dll Windows Server 2003 Resource Kit Tools

Microsoft's Windows Server 2003 Resource Kit Tools are a set of tools to help administrators streamline management tasks such as troubleshooting operating system issues, managing Active Directory, configuring networking and security features, and automating application deployment. This segment of my in-depth review of these tools will explore the one listed first alphabetically: AccountInfo.dll, aka Acctinfo.dll.
Acctinfo.dll is actually a DLL. If you don't consider DLLs to be tools, you're probably wondering why it's in the kit at all. The reason is that it adds to the functionality of the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, a tool for managing your users, groups and computers.
Once you register the DLL, you'll get another tabbed option when looking at a user's account properties. On the tab, you'll find the following:
General Account Info, including: Lock Out status, Domain Password Policy being applied, Password Last Set date and Password Expiration date
Logon Information, including: Last Logon attempt, Logon Count, Last Logon and Logoff, Last Bad Logon Time, Bad Password Count
Active Directory account attributes, including: User Account Control, SID and SID History, GUID, User-DN-Site-Domain Controller (e.g., the account's Active Directory path). Warning: See the section below on issues regarding the "Set PW On Site DC" button.
System requirements for Acctinfo.dll
Windows Server 2003 or Windows 2000 Server operating system
You must be an Administrator to install Acctinfo.dll.
Acctinfo.dll must be registered on each computer on which Active Directory Users and Computers is employed to access user account information.
Installation of Acctinfo.dll
To install and register Acctinfo.dll, perform these three steps:
1. Copy the file Acctinfo.dll to the %windir%\system32 folder.
2. Click Start, click Run, and type: cmd
3. In the command window, type regsvr32 c:\windows\system32\acctinfo.dll. You should receive a dialog box that states the registration was successful.
To uninstall Acctinfo.dll, type regsvr32 /u c:\windows\system32\acctinfo.dll.
General use
The primary purpose of the Additional Account Info tab is to display account information. But it also allows you to change a user's password and unlock an account. Normally, an administrator would have to tab around to get to this information, which is likely the most commonly used functionality in your Active Directory network for managing user accounts. For many systems administrators, the tab basically becomes a one-stop shop for most of their daily user account administration needs.
Issues with Acctinfo.dll
The readme.htm file included with Acctinfo.dll lists five issues to be considered.
1. In some cases, the information is not actually stored in Active Directory, but is calculated only when needed. For example, the date that a user's password will expire is not stored in Active Directory. Active Directory stores the date that the password was last set and the maximum allowed password age (for example, passwords must be set every 60 days).
To determine the actual date that a password expires, you typically have to use scripts to retrieve this information and calculate the expiration date. Acctinfo.dll performs these calculations for you.
2. In some cases, information is stored locally rather than in Active Directory. For example, last logon and last logoff times are stored on each individual domain controller and are not replicated throughout the domain. Acctinfo.dll enables you to determine the last time a user logged on or logged off from a specified domain controller. If users are typically authenticated by the same domain controller, this will tell you when these users last logged on to or logged off from the domain. If users are authenticated by multiple domain controllers, you'll need to install Acctinfo.dll on each of these servers and check the account information on each one.
3. You can unlock a user account using this tab, but you must also change the password to do it.
4. If you click on the "Set PW On Site DC" button, be sure that you do not click the OK button when closing, as you may inadvertently set the user account's password to blank. Just click Cancel.
5. When using the Find option to locate an account in the AD Users and Computers snap-in, the Additional Info tab does not appear when you display the properties of the account from the search window.
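The calculations behind issues 1 and 2, as an added example that is not code from the Resource Kit or its readme: password expiry derived from the raw pwdLastSet and maxPwdAge values, and the newest lastLogon picked from several domain controllers. The attribute values and the DC names DC1 to DC3 are constructed for illustration; the special cases handled are the "password never expires" account flag, a pwdLastSet of 0 and a domain policy with no maximum age.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl flag: password never expires
NO_MAX_AGE = (0, -(2**63))     # maxPwdAge values meaning "no maximum age"

def filetime_to_dt(ticks):
    """100-ns ticks since 1601-01-01 UTC -> aware datetime; 0 means 'not set'."""
    if ticks == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def password_expiry(pwd_last_set, max_pwd_age, uac):
    """Return (status, expiry) from raw pwdLastSet, maxPwdAge, userAccountControl."""
    if uac & DONT_EXPIRE_PASSWD:
        return ("never expires (account flag)", None)
    if pwd_last_set == 0:
        return ("must change at next logon", None)
    if max_pwd_age in NO_MAX_AGE:
        return ("never expires (domain policy)", None)
    # maxPwdAge is stored as a negative interval, so subtracting it adds the age.
    return ("expires", filetime_to_dt(pwd_last_set - max_pwd_age))

def latest_logon(last_logon_by_dc):
    """lastLogon is not replicated: take the newest value seen on any DC."""
    seen = {dc: t for dc, t in last_logon_by_dc.items() if t}
    if not seen:
        return None
    dc = max(seen, key=seen.get)
    return dc, filetime_to_dt(seen[dc])

if __name__ == "__main__":
    # Constructed sample values, not read from a real directory.
    pwd_last_set = 128315232000000000          # 2007-08-14 00:00 UTC
    max_pwd_age = -60 * 86400 * 10**7          # 60-day policy
    print(password_expiry(pwd_last_set, max_pwd_age, 0x200))
    # Hypothetical DC names; DC2 has never authenticated this user.
    print(latest_logon({"DC1": 128315232000000000, "DC2": 0,
                        "DC3": 128316096000000000}))
```

A lastLogon of 0 on one domain controller only means that controller has not authenticated the user, which is why the comparison skips zero values instead of treating them as dates.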