userAccountControl is a bit flag attribute. You get 514 because a disabled
user account has the following properties:
2 : disabled
512 : normal account (not a special account)
You can get the list of flags here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/ads_user_flag_enum.asp
You can use 2 or 514 to find disabled users. This filter will match
disabled users:
(&(objectCategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))
Without objectclass, the filter could also match computer objects.
You can find other examples of using Net::LDAP with AD here:
http://rallenhome.com/books/managingenterprisead/code.html
Let me know if you have any questions.
Robbie Allen
http://www.rallenhome.com/
> -----Original Message-----
> From: Larivee, Chris [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 29, 2003 5:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: :LDAP, Active Directory and Disabled Users
>
>
>
> Do some testing - query userAccountControl for an active user - then
> disable the user and query userAccountControl again. The result will be
> what you should use in your query. In my case all inactive users
> are 514 ....
>
> Best of luck ... HTH
>
> -----Original Message-----
> From: Steenhagen, Jacob [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 29, 2003 4:50 PM
> To: [EMAIL PROTECTED]
> Subject: Net::LDAP, Active Directory and Disabled Users
>
>
> I've been trying to write a simple perl script that will query the
> active directory via LDAP and give me a list of email addresses for
> disabled users (eg, addresses we don't want to accept email for anymore).
> I found a website or two that suggested I use the following as my filter:
>
> (&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))
>
> I was beginning to think these websites were wrong as whenever I tried
> this filter, I'd get no results. With other filters, I'd get the results
> I'd expect to get. I then tried that filter in a couple other applications
> (one MS tool and a PHP script running on the same box as my perl script)
> and it worked as expected in those cases. In the interest of testing, I
> created a Net::LDAP::Filter object in my script and it seemed to parse the
> filter fine. But when I try to run it via the search routine of Net::LDAP
> I get the following error:
>
> I/O Error at ./gather_email.pl line 24, <DATA> line 283.
>
>
> Unfortunately, I'm not an LDAP expert by any means nor am I at all
> familiar with the Net::LDAP code so I think I've hit a stand-still. Has
> anybody else experienced this? (I did try a couple searches and came up
> empty.) Or better yet, does anybody know how to fix it :).
>
>
> Thanks,
> Jake
>
>
> --
> "Outlook not so good." That magic 8-ball knows everything! I'll ask
> about Exchange Server next.
>
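
The following is an added example, not code from anyone in this thread. It uses plain Perl with no directory connection to decode userAccountControl values and to emulate the 1.2.840.113556.1.4.803 bitwise-AND matching rule over constructed sample entries, so the difference between an equality match on 514 and the `:=2` bit test is visible. The entries, addresses and the helper names `decode_uac` and `bit_and_match` are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Subset of the ADS_USER_FLAG_ENUM bits, as [ value, name ] pairs.
my @UAC_FLAGS = (
    [ 0x00002, 'ACCOUNTDISABLE' ],
    [ 0x00020, 'PASSWD_NOTREQD' ],
    [ 0x00200, 'NORMAL_ACCOUNT' ],
    [ 0x01000, 'WORKSTATION_TRUST_ACCOUNT' ],
    [ 0x10000, 'DONT_EXPIRE_PASSWD' ],
);

# Names of the known flags set in a userAccountControl value.
sub decode_uac {
    my ($uac) = @_;
    $uac = int $uac;    # LDAP values arrive as strings; force a numeric '&'
    return map { $_->[1] } grep { $uac & $_->[0] } @UAC_FLAGS;
}

# Local emulation of matching rule 1.2.840.113556.1.4.803 (bitwise AND):
# true only when every bit of $mask is set in the attribute value.
sub bit_and_match {
    my ( $uac, $mask ) = @_;
    return ( int($uac) & int($mask) ) == int($mask) ? 1 : 0;
}

# Constructed sample entries (not real accounts).
my @entries = (
    { mail => 'alice@example.com', uac => '512' },      # enabled
    { mail => 'bob@example.com',   uac => '514' },      # disabled
    { mail => 'carol@example.com', uac => '66050' },    # disabled, pw never expires
    { mail => 'dave@example.com',  uac => '66048' },    # enabled, pw never expires
    { mail => 'erin@example.com',  uac => '546' },      # disabled, pw not required
);

for my $e (@entries) {
    printf "%-18s uac=%-6s eq514=%-3s bit2=%-3s %s\n",
        $e->{mail}, $e->{uac},
        ( $e->{uac} == 514 ? 'yes' : 'no' ),
        ( bit_and_match( $e->{uac}, 2 ) ? 'yes' : 'no' ),
        join( '|', decode_uac( $e->{uac} ) );
}

# Addresses selected by the bit test, i.e. every entry with the disabled bit.
my @refuse = map { $_->{mail} } grep { bit_and_match( $_->{uac}, 2 ) } @entries;
print "disabled: @refuse\n";
```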