How do you check if a computer account is disabled in Active Directory using C#/.NET
views:
3877answers:
4
+4
A:
Try this entry:
http://www.codeproject.com/KB/system/everythingInAD.aspx#42
You will want to examine the User Account Control flags.
Gregory A Beamer
2009-02-26 17:59:58
+8
A:
Try this:
class Program
{
static void Main(string[] args)
{
const string ldap = "LDAP://your-ldap-server-here";
using (DirectoryEntry conn = new DirectoryEntry(ldap))
{
using (DirectorySearcher searcher = new DirectorySearcher(conn))
{
searcher.Filter = "(|(samAccountName=userA)(samAccountName=userB))";
searcher.PropertiesToLoad.Add("samAccountName");
searcher.PropertiesToLoad.Add("userAccountControl");
using (SearchResultCollection results = searcher.FindAll())
{
foreach (SearchResult result in results)
{
int userAccountControl = Convert.ToInt32(result.Properties["userAccountControl"][0]);
string samAccountName = Convert.ToString(result.Properties["samAccountName"][0]);
bool disabled = ((userAccountControl & 2) > 0);
Console.WriteLine("{0} ({1:x}) :: {2}", samAccountName, userAccountControl, disabled);
}
}
}
}
Console.ReadLine();
}
}
The second bit of userAccountControl will be 1 if the account is disabled.
Leandro López
2009-02-26 18:16:43
+1
A:
Without checking bits, adding:
(userAccountControl:1.2.840.113556.1.4.803:=2)
to your filter should return only disabled users. Of course,
(!userAccountControl:1.2.840.113556.1.4.803:=2)
will ensure that users are not disabled if you'd prefer to go that route.
vinny
2009-03-05 14:51:12
+3
A:
If you are using .NET 3.5, you can use the new System.DirectoryServices.AccountManagment namespace methods to much more easily access Active Directory. The UserPrincipal object has an Enabled property that gives you what you are looking for.
There is a good overview of these routines in the January 2008 MSDN Magazine. You can read the article online here: Managing Directory Security Principals in the .NET Framework 3.5
DoniG
2009-05-02 21:18:18