On Friday 01 April 2005 18:02, Giuoco, Aaron wrote:
Hi,
> I am trying to find all user accounts in a Windows 2000 Active Directory
> that are not disabled using the Net::LDAP module. This is the code I'm
> using for my search:
>
> my $base = 'OU=Domain Users,DC=mydomain,DC=com';
> my $filter =
> '(&(objectclass=user)(objectCategory=person)(!useraccountcontrol:1.2.840.11
>3556.1.4.803:=2))'; my @attrs = ['cn','mail','telephoneNumber'];
> my $scope = 'sub';
> my $searchRes = $ldap->search(
> base => $base,
> filter => $filter,
> scope => $scope,
> attrs => @attrs
> );
>
> I worked out the filter using LDP.exe, so I'm fairly certain it works and
> is correct. It returns all of the active users when run in LDP. However,
> this search returns no results when I run the perl script. If I remove the
> useraccountcontrol section from my filter and run the script, it will
> return all users (enabled and disabled). I am confused as to why the filter
> would work through LDP and not in my perl script. Any guidance is greatly
> appreciated.
What I have been using to enable/disable the accounts in AD with perl_ldap is
setting next values to the userAccountControl attribute:
512 (enabled)
514 (disabled)
The example to disable account might look like:
$ldap->modify( "cn=foo,OU=bar,dc=example,dc=dom",
replace => { userAccountControl => 514 } );
Cheers,
--
[EMAIL PROTECTED]
