I'm trying to setup a dynamic group with an exclusion rule for user accounts that are expired.
The only way I could find, up to now, is to include the max expiry date as "hard-coded" in the LDAP query of the "custom search" rule: "(|(accountExpires>=132517692000000000)(accountExpires=0))"
Unfortunately, this workaround means that the date never changes until a manual edition off this LDAP query... which is not ideal.
Would anyone know a way to include this "accountExpires" critera in any smarter way?
Thanks a lot by advance for any idea!