Thanks everyone for the info! 

Mike Newell
Sr. Network Engineer
Dimensional Fund Advisors
310-633-7889

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, October 18, 2005 9:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userAccountControl

 It doesn't!

1.2.840.113556.1.4.803 is the equivalent of AND, which is an LDAP matching
rule object identifier (OID)

It is bit 2 not because of the =2 but because of:
2^0=1 (1st bit)
2^1=2 (2nd bit)
Etc.
2^9=512 (10th bit)
Etc.
2^12=4096 (13th bit)
Etc.
2^16=65536 (17th bit)
Etc.

userAccountControl:1.2.840.113556.1.4.803:=2 MEANS: bit 2 (2^1) from the
userAccountControl attribute is ON (which means USER=DISABLED)
(!(userAccountControl:1.2.840.113556.1.4.803:=2)) MEANS: bit 2 from the
userAccountControl attribute is OFF (which means USER=ENABLED)

Think binary ;-) (like IP addresses)

00000000 (bin) = 0 (dec)

    1      1      1      1      1      1      1      1    (bin) = 255 (dec)
  1x2^7  1x2^6  1x2^5  1x2^4  1x2^3  1x2^2  1x2^1  1x2^0
   128     64     32     16      8      4      2      1         = 255 (dec)

    1      1      1      0      1      0      1      1    (bin) = 235 (dec)
  1x2^7  1x2^6  1x2^5  0x2^4  1x2^3  0x2^2  1x2^1  1x2^0
   128     64     32      0      8      0      2      1         = 235 (dec)

You can find more info and explanations at:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/may05/hey0512.mspx
http://www.alvestrand.no/objectid/1.2.840.113556.1.4.803.html
http://www.petri.co.il/ldap_search_samples_for_windows_2003_and_exchange.htm
http://www.tek-tips.com/faqs.cfm?fid=5667

Cheers,
jorge
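
Added example, not part of the original thread: a small Python evaluator for the bitwise matching rule explained above, run over constructed sample entries. The flag names and the companion OR rule (1.2.840.113556.1.4.804) do not appear in the thread and are included to show how the AND rule differs when the mask has more than one bit.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # match when ALL bits in the mask are set
BIT_OR = "1.2.840.113556.1.4.804"   # match when ANY bit is set (not in the thread)

# Flag names for the bit values listed above (names are not in the thread).
UAC_FLAGS = {
    2: "ACCOUNTDISABLE",                # 2^1
    512: "NORMAL_ACCOUNT",              # 2^9
    4096: "WORKSTATION_TRUST_ACCOUNT",  # 2^12
    65536: "DONT_EXPIRE_PASSWORD",      # 2^16
}

# Constructed sample entries; LDAP returns attribute values as strings.
ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},
    {"sAMAccountName": "bob", "userAccountControl": "514"},
    {"sAMAccountName": "svc-backup", "userAccountControl": "66048"},
    {"sAMAccountName": "PC01$", "userAccountControl": "4096"},
    {"sAMAccountName": "old-svc", "userAccountControl": "66050"},
]

def parse_clause(clause):
    """Split '(attr:OID:=mask)' or '(!(attr:OID:=mask))' into its parts."""
    m = re.fullmatch(r"\((!\()?(\w+):([\d.]+):=(\d+)\)(\))?", clause)
    if not m or bool(m.group(1)) != bool(m.group(5)):
        raise ValueError(f"unsupported clause: {clause!r}")
    return bool(m.group(1)), m.group(2), m.group(3), int(m.group(4))

def matches(clause, entry):
    """Evaluate one bitwise extensible-match clause against an entry."""
    negated, attr, oid, mask = parse_clause(clause)
    value = int(entry[attr])
    if oid == BIT_AND:
        hit = (value & mask) == mask
    elif oid == BIT_OR:
        hit = (value & mask) != 0
    else:
        raise ValueError(f"unknown matching rule: {oid}")
    return hit != negated

def search(clause, entries=ENTRIES):
    """Return the account names whose entry satisfies the clause."""
    return [e["sAMAccountName"] for e in entries if matches(clause, e)]

def decode(value):
    """List the known flag names set in a userAccountControl value."""
    return [name for bit, name in UAC_FLAGS.items() if value & bit]
```

With a mask of 65538 (2 + 65536), the AND rule returns only accounts that are both disabled and set to never expire their password, while the OR rule returns accounts with either bit set.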

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Newell
Sent: Tuesday, October 18, 2005 17:45
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userAccountControl

Hello,
I am looking at some of these saved queries below and I don't see how
they work.

http://www.netpro.com/forum/messageview.cfm?catid=29&threadid=257

I *think* I understand how the bit flags work but how does the LDAP
query correspond to those flags? If I look at say, the disabled user
query it is:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

How does 1.2.840.113556.1.4.803 translate to the second bit?

Just wanting to get this straight.

Thanks again for the help.

Mike.

Mike Newell
Sr. Network Engineer
Dimensional Fund Advisors
310-633-7889


This message and any attachments (the "Message") may contain
confidential, proprietary and/or privileged information and are only for
their intended recipient(s). If you are not the intended recipient, you
should notify the sender and delete the Message. E-mail transmissions
cannot be guaranteed to be secure or error-free. This Message is
provided for information purposes and should not be construed as a
solicitation or offer to buy or sell any securities or financial
instruments, or to provide investment advice in any jurisdiction where
the sender is not properly licensed or permitted to do so.  This Message
is subject to additional conditions and restrictions.  Please read them
here:  http://legal.dimensional.com/email/


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.