Expired accounts

Hello everyone,

I'm trying to setup a dynamic group with an exclusion rule for user accounts that are expired.

The only way I could find, up to now, is to include the max expiry date as "hard-coded" in the LDAP query of the "custom search" rule: "(|(accountExpires>=132517692000000000)(accountExpires=0))"

Unfortunately, this workaround means that the date never changes until a manual edition off this LDAP query... which is not ideal.

Would anyone know a way to include this "accountExpires" critera in any smarter way?

Thanks a lot by advance for any idea!