How do you check if a computer account is disabled in Active Directory using C#/.NET
Without checking bits, adding:
    (userAccountControl:1.2.840.113556.1.4.803:=2)
to your filter should return only disabled users. Of course,
    (!(userAccountControl:1.2.840.113556.1.4.803:=2))
will ensure that users are not disabled if you'd prefer to go that route.
Hey, I got it finally :) Here is my code, hope it helps you.
    // Requires: using System; using System.DirectoryServices;
    const int ADS_UF_ACCOUNTDISABLE = 0x00000002;

    DirectoryEntry de = new DirectoryEntry();
    de.Path = "LDAP://companyname.com";
    de.AuthenticationType = AuthenticationTypes.Secure;

    DirectorySearcher objADSearcher = new DirectorySearcher(de);
    objADSearcher.SearchRoot = de;
    // TextBox1.Text goes into the filter unescaped; escape \ * ( ) and NUL (RFC 4515) for untrusted input.
    objADSearcher.Filter = "(SAMAccountName=" + TextBox1.Text + ")";

    SearchResult results = objADSearcher.FindOne();
    if (results != null)   // FindOne() returns null when nothing matches
    {
        int flags = Convert.ToInt32(results.Properties["userAccountControl"][0].ToString());
        // For reference: results.Properties["userAccountControl"][0].ToString().Equals("514");
        if (Convert.ToBoolean(flags & ADS_UF_ACCOUNTDISABLE))
        {
            Response.Write("Account Disabled");
        }
    }
Leandro López's answer is cool and works... The other option is that we can do a LINQ query for the userAccountControl with the disabled values and make those users disabled.
Replies from userAccountControl are:
512 Enabled Account
514 Disabled Account
544 Enabled, Password Not Required
546 Disabled, Password Not Required
66048 Enabled, Password Doesn't Expire
66050 Disabled, Password Doesn't Expire
66080 Enabled, Password Doesn't Expire & Not Required
66082 Disabled, Password Doesn't Expire & Not Required
262656 Enabled, Smartcard Required
262658 Disabled, Smartcard Required
262688 Enabled, Smartcard Required, Password Not Required
262690 Disabled, Smartcard Required, Password Not Required
328192 Enabled, Smartcard Required, Password Doesn't Expire
328194 Disabled, Smartcard Required, Password Doesn't Expire
328224 Enabled, Smartcard Required, Password Doesn't Expire & Not Required
328226 Disabled, Smartcard Required, Password Doesn't Expire & Not Required
If you are using .NET 3.5, you can use the new System.DirectoryServices.AccountManagement namespace methods to much more easily access Active Directory. The UserPrincipal object has an Enabled property that gives you what you are looking for.
There is a good overview of these routines in the January 2008 MSDN Magazine. You can read the article online here: Managing Directory Security Principals in the .NET Framework 3.5
Try this entry:
http://www.codeproject.com/KB/system/everythingInAD.aspx#42
You will want to examine the User Account Control flags.
Try this:
    using System;
    using System.DirectoryServices;

    class Program
    {
        static void Main(string[] args)
        {
            const string ldap = "LDAP://your-ldap-server-here";
            using (DirectoryEntry conn = new DirectoryEntry(ldap))
            {
                using (DirectorySearcher searcher = new DirectorySearcher(conn))
                {
                    searcher.Filter = "(|(samAccountName=userA)(samAccountName=userB))";
                    searcher.PropertiesToLoad.Add("samAccountName");
                    searcher.PropertiesToLoad.Add("userAccountControl");
                    using (SearchResultCollection results = searcher.FindAll())
                    {
                        foreach (SearchResult result in results)
                        {
                            int userAccountControl = Convert.ToInt32(result.Properties["userAccountControl"][0]);
                            string samAccountName = Convert.ToString(result.Properties["samAccountName"][0]);
                            // Bit 0x2 (ADS_UF_ACCOUNTDISABLE) is set when the account is disabled.
                            bool disabled = ((userAccountControl & 2) > 0);
                            Console.WriteLine("{0} ({1:x}) :: {2}", samAccountName, userAccountControl, disabled);
                        }
                    }
                }
            }
            Console.ReadLine();
        }
    }
The second bit of userAccountControl will be 1 if the account is disabled.
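
Added example, not taken from any of the answers above: the values in the userAccountControl table are sums of individual flag bits, so testing bit 0x2 also covers computer accounts, whose usual values 4096 and 4098 are not in that table. It also escapes a name per RFC 4515 before it is placed in a filter like the `(SAMAccountName=...)` one above; the enum and method names and the account names are assumptions made for this sketch.

```csharp
using System;
using System.Text;

// Subset of the documented ADS_UF_* flag values (names shortened for this example).
[Flags]
enum Uac
{
    AccountDisable          = 0x0002,
    PasswdNotReqd           = 0x0020,
    NormalAccount           = 0x0200,
    WorkstationTrustAccount = 0x1000,   // member computer account
    ServerTrustAccount      = 0x2000,   // domain controller account
    DontExpirePassword      = 0x10000,
    SmartcardRequired       = 0x40000,
}

static class UacDemo
{
    // Test the single bit; comparing to 514 misses 546, 4098, 66050, ...
    public static bool IsDisabled(int uac) => ((Uac)uac & Uac.AccountDisable) != 0;

    // RFC 4515: \ * ( ) and NUL become a backslash plus two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample values, not read from a directory.
        foreach (int v in new[] { 512, 514, 66050, 4096, 4098 })
            Console.WriteLine("{0,6} (0x{0:x}) disabled={1} flags={2}", v, IsDisabled(v), (Uac)v);

        string name = "WKSTN01$";   // hypothetical computer sAMAccountName
        Console.WriteLine("(&(objectCategory=computer)(sAMAccountName={0}))", EscapeFilterValue(name));
        // Filter metacharacters in input stay inside the value: a\2a\29\28cn=\2a
        Console.WriteLine("(sAMAccountName={0})", EscapeFilterValue("a*)(cn=*"));
    }
}
```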