I need to find out disabled users from ldap

不问归期 submitted on 2020-02-25 00:43:10

Question


I am trying to find out whether a user is disabled in ldap using the ldapsearch utility, but I have been unsuccessful so far. This is what I have got so far:

ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password'
# extended LDIF
#
# LDAPv3
# base <basedn> with scope subtree
# filter: sAMAccountName=disabled user
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I have even tried with -LLL nsaccountlock; it gives me nothing. It's the same with a random string for the user as well. I need to find out whether the user that I am specifying is an active or disabled user, or not a user at all. Am I doing something wrong? Is there another utility I can use to determine if the user is disabled?


Answer 1:


You can use this filter:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

To find all users with the User-Account-Control value of 0x00000002
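
The question asks for three outcomes (active, disabled, not a user at all), so here is an added example, not part of the original answer, that classifies a single account from ldapsearch LDIF output by testing the same 0x2 bit on the client side. It assumes an Active Directory server (implied by sAMAccountName and userAccountControl); the function name `account_state` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. Intended use (flags as in the question, values are placeholders):
#   ldapsearch -LLL -h hostname -D 'Service Account' -w 'password' -b 'basedn' \
#     '(sAMAccountName=jdoe)' userAccountControl | account_state

# account_state: read LDIF on stdin and print one of
#   not-found  no entry returned (the "numResponses: 1" case in the question)
#   disabled   ACCOUNTDISABLE bit (0x2) set in userAccountControl
#   active     entry returned and the bit is clear
#   unknown    entry returned without userAccountControl (e.g. no read access)
account_state() {
    awk '
        /^dn:/ { found = 1 }
        tolower($1) == "useraccountcontrol:" { uac = $2; have = 1 }
        END {
            if (!found) { print "not-found"; exit }
            if (!have)  { print "unknown";   exit }
            # Client-side form of the bitwise-AND matching rule
            # 1.2.840.113556.1.4.803 with mask 2: is bit 0x2 set?
            if (int(uac / 2) % 2 == 1) print "disabled"; else print "active"
        }'
}

# Constructed sample LDIF (not real directory data).
SAMPLE_ACTIVE='dn: CN=Alice Example,OU=Staff,DC=example,DC=com
userAccountControl: 512'
SAMPLE_DISABLED='dn: CN=Bob Example,OU=Staff,DC=example,DC=com
userAccountControl: 66050'
SAMPLE_NO_UAC='dn: CN=Carol Example,OU=Staff,DC=example,DC=com'
SAMPLE_MISSING=''

for s in "$SAMPLE_ACTIVE" "$SAMPLE_DISABLED" "$SAMPLE_NO_UAC" "$SAMPLE_MISSING"; do
    printf '%s\n' "$s" | account_state
done
```

An empty result with `result: 0 Success` means the filter matched no entry under the base DN, which the function reports as `not-found` rather than as an active account.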



Source: https://stackoverflow.com/questions/46575050/i-need-to-find-out-disabled-users-from-ldap
