And if you are using adfind you can just say Adfind -b whatever -bit -f "&(objectcategory=person)(objectclass=user)(useraccountcontrol:AND:=2)"
i.e. you don't have to remember the control OIDs for AND or OR. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Friday, July 16, 2004 7:55 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] LDAP query string to identify Enabled vs Disabled User Account Hi Jerry Enabled users (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113 556.1.4.803:=2))) Disabled users (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.11355 6.1.4.803:=2)) Tony ---------- Original Message ---------------------------------- Wrom: NNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKEDOTWF Reply-To: [EMAIL PROTECTED] Date: Fri, 16 Jul 2004 07:45:22 -0400 My poor old mind has seen this but lost it :) Can someone provide an LDAP query string to identify when a User object is Enabled or Disabled in AD? Thanks, Jerry Jerry Welch CPS Systems US/Canada: 888-666-0277 International: +1 703 827 0919 (-4 GMT) List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ________________________________________________________________ Sent via the WebMail system at mail.activedir.org List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
