Miguel Morujão

Reputation: 1161

LDAP only inactive users query

I have an LDAP query that only searches for active users. The query is the following:

"(&(objectclass=user)(objectcategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(whenchanged>=#LAST_DAYS#))"

I assumed that I only had to remove the "!" to get the inactive users, but I was wrong. Any ideas?

Upvotes: 2

Views: 2956

Answers (1)

user2316116

Reputation: 6814

Are you sure that (whenchanged>=#LAST_DAYS#) is correct? If yes, try to query accounts without using userAccountControl and see if it returns more accounts than when you use =2. 2 stands for UF_ACCOUNT_DISABLE and corresponds to the "Account is disabled" flag in the Account Properties (the user may not log in to the domain). You can also go to AD and see if the accounts have that flag enabled.


Upvotes: 2
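
The two checks the answer suggests, as an added example that is not part of the original posts: the filter built with and without the userAccountControl test, and a local model of the bit test run over constructed sample entries. The function names, the sample entries and the assumption that #LAST_DAYS# should expand to a GeneralizedTime string are this example's own.

```python
from datetime import datetime, timezone

BIT_AND = "1.2.840.113556.1.4.803"  # matching rule OID from the question's filter
ACCOUNT_DISABLED_BIT = 2            # the "=2" in that filter

def generalized_time(dt):
    """Render an aware datetime as a GeneralizedTime string for whenChanged."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.0Z")

def build_filter(disabled=None, since=None):
    """disabled=True/False adds the flag test (negated for False); None omits it."""
    parts = ["(objectClass=user)", "(objectCategory=person)"]
    if disabled is not None:
        test = f"(userAccountControl:{BIT_AND}:={ACCOUNT_DISABLED_BIT})"
        # Negation written in the RFC 4515 form: (!(filter))
        parts.append(test if disabled else f"(!{test})")
    if since is not None:
        parts.append(f"(whenChanged>={generalized_time(since)})")
    return "(&" + "".join(parts) + ")"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample entries (hypothetical accounts, not from the page).
SAMPLE = [
    {"name": "alice", "uac": 512, "changed": utc(2024, 5, 1)},    # enabled
    {"name": "bob", "uac": 514, "changed": utc(2024, 5, 2)},      # disabled
    {"name": "carol", "uac": 66050, "changed": utc(2024, 5, 3)},  # disabled + other flags
    {"name": "dave", "uac": 514, "changed": utc(2023, 1, 1)},     # disabled, changed long ago
]

def select(entries, disabled=None, since=None):
    """Local model of the filter: bit-AND test on the flags, then the date cutoff."""
    names = []
    for e in entries:
        is_disabled = (e["uac"] & ACCOUNT_DISABLED_BIT) == ACCOUNT_DISABLED_BIT
        if disabled is not None and is_disabled != disabled:
            continue
        if since is not None and e["changed"] < since:
            continue
        names.append(e["name"])
    return names

if __name__ == "__main__":
    cutoff = utc(2024, 4, 1)
    for flag in (None, False, True):
        print(build_filter(flag, cutoff), "->", select(SAMPLE, flag, cutoff))
```

Comparing the three result sets shows whether an empty answer comes from the flag test or from the whenChanged cutoff: "dave" is disabled but drops out only because of the date.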
