Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Disable an AD Account via LDAP

by fritz1968 (Sexton)
on Oct 08, 2012 at 14:45 UTC ( #997828=perlquestion: print w/ replies, xml ) Need Help??
fritz1968 has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I am looking for some sample code that will allow me to disable (and enable) a Active Directory user account. I have not been able to find anything (in Perl) that is helpful.

Any help/suggestions/links/etc... would be much appreciated.

thanks, Frank

Comment on Disable an AD Account via LDAP
Re: Disable an AD Account via LDAP
by NetWallah (Abbot) on Oct 08, 2012 at 15:34 UTC
    The LDAP attribute you need to use is:
    useraccountcontrol:1.2.840.113556.1.4.803
    I do not have actual code to SET/RESET that, but you can start with: this StackOverflow article.

                 I hope life isn't a big joke, because I don't get it.
                       -SNL

Re: Disable an AD Account via LDAP
by netsecgeek (Initiate) on Apr 12, 2013 at 19:44 UTC
    Per http://support.microsoft.com/kb/305144, the UAC code for a Normal_Account is 512. Make it 514 to disable the account.
    my $ldap = Net::LDAP->new($host) or die "$@"; my $bind = $ldap->bind($bind_dn, password => $bind_pw); my $result = $ldap->modify($user_dn, replace => { userAccountControl = +> '512' }); $ldap->unbind();

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://997828]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (10)
As of 2015-07-06 23:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (85 votes), past polls