I need to find out disabled users from LDAP


You can use this filter:

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

To find all users with the User-Account-Control value of 0x00000002

Updated on June 05, 2022

Comments

  • user2631587
    user2631587 almost 2 years

    I am trying to find out whether a user is disabled in LDAP using the ldapsearch utility, but I have been unsuccessful so far. This is what I have got so far:

    ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password'
    # extended LDIF
    #
    # LDAPv3
    # base <basedn> with scope subtree
    # filter: sAMAccountName=disabled user
    # requesting: ALL
    #
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 1
    

    I have even tried with -LLL nsaccountlock; it gives me nothing. It's the same with a random string for the user as well. I need to find out whether the user that I am specifying is an active user, a disabled user, or not a user at all. Am I doing something wrong? Is there another utility I can use to determine if the user is disabled?

  • user2631587
    user2631587 over 6 years
    I tried ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password' (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)) but it gave me an error -bash: syntax error near unexpected token `('
  • jwilleke
    jwilleke over 6 years
    That is something to do with bash escaping. Try using quotes (or double quotes), something like ldapsearch -h hostname -D 'Service Account' -b 'basedn' sAMAccountName='disabled user' -w 'password' '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'
  • user2631587
    user2631587 over 6 years
    OK, single quotes did work, thank you, but all I get is this information: # extended LDIF # # LDAPv3 # base <ou=Employees,ou=Accounts,ou=Fidelis,DC=ads,DC=fideliscare,DC=org> with scope subtree # filter: sAMAccountName=disabled user # requesting: (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)) # # search result search: 2 result: 0 Success
  • mgutt
    mgutt about 2 years
    I tried the userAccountControl value and it returns some disabled accounts, but one specific is not returned. I tried to find any differences through the Windows AD Tools, but was not able to find any. Strange.
  • jwilleke
    jwilleke about 2 years
    Is it a disabled account or a "locked out" account? Do you have permissions to read the account?
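As an added example (not part of the answer or the comments): the term `userAccountControl:1.2.840.113556.1.4.803:=2` in the answer's filter is an LDAP extensible match using the Active Directory bit-AND matching rule, so it selects entries whose userAccountControl has the ACCOUNTDISABLE bit (0x2) set. The Python below evaluates that exact filter against constructed sample entries and goes a little beyond the answer by also implementing the bit-OR rule (OID 1.2.840.113556.1.4.804) and decoding the well-known userAccountControl bits, which separates a disabled account from one that merely has the LOCKOUT bit set; the entries, names and values are all constructed.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: all mask bits set
BIT_OR = "1.2.840.113556.1.4.804"   # LDAP_MATCHING_RULE_BIT_OR: any mask bit set
UAC_FLAGS = {0x2: "ACCOUNTDISABLE", 0x10: "LOCKOUT", 0x20: "PASSWD_NOTREQD",
             0x200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}
FILTER = ("(&(objectCategory=person)(objectClass=user)"
          "(userAccountControl:1.2.840.113556.1.4.803:=2))")

# Constructed sample entries (objectCategory shortened to its display name).
PERSON = {"objectCategory": ["person"], "objectClass": ["top", "person", "user"]}
ENTRIES = {
    "alice": {**PERSON, "userAccountControl": ["512"]},    # NORMAL_ACCOUNT, enabled
    "bob":   {**PERSON, "userAccountControl": ["514"]},    # 512|2: disabled
    "carol": {**PERSON, "userAccountControl": ["66050"]},  # 65536|512|2: disabled
    "dave":  {**PERSON, "userAccountControl": ["528"]},    # 512|16: LOCKOUT, not disabled
    "srv01": {"objectCategory": ["computer"], "objectClass": ["top", "computer"],
              "userAccountControl": ["4098"]},              # 4096|2: disabled, not a person
}

def decode_uac(value):
    """Names of the well-known bits set in a userAccountControl value."""
    return [n for b, n in sorted(UAC_FLAGS.items()) if int(value) & b]

def split_items(s):  # '(a)(b)(c)' -> ['(a)', '(b)', '(c)'], honouring nesting
    items, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            items.append(s[start:i + 1]); start = i + 1
    return items

def matches(entry, filt):  # evaluates &, |, equality and the two AD bitwise rules
    body = filt[1:-1]
    if body[0] in "&|":
        results = [matches(entry, f) for f in split_items(body[1:])]
        return all(results) if body[0] == "&" else any(results)
    m = re.fullmatch(r"(\w+):([\d.]+):=(\d+)", body)
    if m:  # extensible match, attr:OID:=mask
        attr, oid, mask = m.group(1), m.group(2), int(m.group(3))
        vals = [int(v) for v in entry.get(attr, [])]
        if oid == BIT_AND:
            return any(v & mask == mask for v in vals)
        if oid == BIT_OR:
            return any(v & mask for v in vals)
        raise ValueError("unsupported matching rule " + oid)
    attr, _, val = body.partition("=")  # plain equality, case-insensitive
    return val.lower() in (v.lower() for v in entry.get(attr, []))

def disabled_accounts(entries=ENTRIES, filt=FILTER):
    return sorted(name for name, e in entries.items() if matches(e, filt))
```

Note that in the ldapsearch commands quoted in the comments, `sAMAccountName='disabled user'` already occupies ldapsearch's positional filter argument, so the bitwise filter placed after it is read as an attribute to return, which is why the output lists it under `# requesting:` and the search itself is not restricted to disabled accounts. Pass a single quoted filter instead, for example `'(&(sAMAccountName=disabled user)(userAccountControl:1.2.840.113556.1.4.803:=2))'`.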