Last post Aug 30, 2010 05:58 PM by mbanavige
Aug 30, 2010 03:59 PM|MikeMackey|LINK
I have an LDAP query that is returning many users, some of which are no longer active with my company. I've been trying to find out what field marks them as inactive, but with no success yet. I've tried msDS-UserAccountDisabled, ms-DS-UserAccountAutoLocked,
I'm also asking our IT guys what field they use, but ...it may be a long long time before they ever get back to me:)
Thanks for any help,
Aug 30, 2010 05:58 PM|mbanavige|LINK
It's a bit flag.
If bit 2 on userAccountControl is set, then the account is disabled.
So add this into your query to exclude disabled accounts
Note: 1.2.840.1135184.108.40.2063 represents a boolean AND operation