LDAP: is an account disabled ?

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

hi,

can I check with LDAP if an account is disabled ? is there a field for
that ?

can I specify in an LDAP request made with netscape not to return the
disabled account ?

TIA,
Pierre.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

If you have access to an XP Pro computer you can use the dsquery tool to search for
disabled accounts if that helps. -- Steve

http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/dsquery_user.asp

"Pierre Bru" <Pierre.Bru@spotimage.fr> wrote in message
news:4135E5AD.8060502@spotimage.fr...
> hi,
>
> can I check with LDAP if an account is disabled ? is there a field for that ?
>
> can I specify in an LDAP request made with netscape not to return the disabled
> account ?
>
> TIA,
> Pierre.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Yes you can check with LDAP, you want to avoid any accounts where
(useraccountcontrol:1.2.840.113556.1.4.803:=2) isn't true. So you simply add the
following to whatever your query currently is

(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Pierre Bru wrote:
> hi,
>
> can I check with LDAP if an account is disabled ? is there a field for
> that ?
>
> can I specify in an LDAP request made with netscape not to return the
> disabled account ?
>
> TIA,
> Pierre.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Joe Richards [MVP] wrote:

> Yes you can check with LDAP, you want to avoid any accounts where
> (useraccountcontrol:1.2.840.113556.1.4.803:=2) isn't true. So you simply
> add the following to whatever your query currently is
>
> (!(useraccountcontrol:1.2.840.113556.1.4.803:=2))
>
> joe

thx a lot Joe! where can I find info on AD proprietary fields and their
bitmask/values ?

Pierre.

> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> Pierre Bru wrote:
>
>> hi,
>>
>> can I check with LDAP if an account is disabled ? is there a field for
>> that ?
>>
>> can I specify in an LDAP request made with netscape not to return the
>> disabled account ?
>>
>> TIA,
>> Pierre.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

MSDN Library. http://msdn.microsoft.com/library

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Pierre Bru wrote:
> Joe Richards [MVP] wrote:
>
>> Yes you can check with LDAP, you want to avoid any accounts where
>> (useraccountcontrol:1.2.840.113556.1.4.803:=2) isn't true. So you
>> simply add the following to whatever your query currently is
>>
>> (!(useraccountcontrol:1.2.840.113556.1.4.803:=2))
>>
>> joe
>
>
> thx a lot Joe! where can I find info on AD proprietary fields and their
> bitmask/values ?
>
> Pierre.
>
>> --
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> www.joeware.net
>>
>>
>>
>> Pierre Bru wrote:
>>
>>> hi,
>>>
>>> can I check with LDAP if an account is disabled ? is there a field
>>> for that ?
>>>
>>> can I specify in an LDAP request made with netscape not to return the
>>> disabled account ?
>>>
>>> TIA,
>>> Pierre.