Discussion:
msDS-User-Account-Control-Computed sample
(too old to reply)
Rick E
2006-08-04 19:41:01 UTC
Permalink
I've read in KB305144 that for 2003 Windows Servers
ouser.msDS-User-Account-Control-Computed sample has replaced
oUser.UserAccountControl for detecting locked out accounts but I can't seem
to access it via my scripts. Does anyone have any good sample code to read
this value and report if the user is locked out? Assume you have a valid
LDAP user object. I'm assuming this should all work even if I'm running it
on and XP PC against a 2003 AD DC?
asdf
2006-08-05 06:49:39 UTC
Permalink
http://support.microsoft.com/default.aspx?scid=kb;en-us;305144


Link the teaser, or are you just looking for cerebral prostitutes ?
Post by Rick E
I've read in KB305144 that for 2003 Windows Servers
ouser.msDS-User-Account-Control-Computed sample has replaced
oUser.UserAccountControl for detecting locked out accounts but I can't seem
to access it via my scripts. Does anyone have any good sample code to read
this value and report if the user is locked out? Assume you have a valid
LDAP user object. I'm assuming this should all work even if I'm running it
on and XP PC against a 2003 AD DC?
Rick E
2006-08-07 13:13:02 UTC
Permalink
To any professionals who may have any helpful insight, at this point I
rechecked the KB artciles I referenced at the beginning of the post. The
ms-dn-user-account-control-computed values are not different between locked
and unlocked accounts. I've also tried the "AND 16" but there's no
difference.

My best guess at this point is that even though the article says this is
available in a Winodws 2003 server environment, which we have, but I believe
we're still running in mixed mode verses native thus making this property
unavailable?
Post by asdf
http://support.microsoft.com/default.aspx?scid=kb;en-us;305144
Link the teaser, or are you just looking for cerebral prostitutes ?
Post by Rick E
I've read in KB305144 that for 2003 Windows Servers
ouser.msDS-User-Account-Control-Computed sample has replaced
oUser.UserAccountControl for detecting locked out accounts but I can't
seem
Post by Rick E
to access it via my scripts. Does anyone have any good sample code to
read
Post by Rick E
this value and report if the user is locked out? Assume you have a valid
LDAP user object. I'm assuming this should all work even if I'm running
it
Post by Rick E
on and XP PC against a 2003 AD DC?
Loading...