Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Disable an AD Account via LDAP

by fritz1968 (Sexton)
on Oct 08, 2012 at 14:45 UTC ( #997828=perlquestion: print w/ replies, xml ) Need Help??
fritz1968 has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I am looking for some sample code that will allow me to disable (and enable) a Active Directory user account. I have not been able to find anything (in Perl) that is helpful.

Any help/suggestions/links/etc... would be much appreciated.

thanks, Frank

Comment on Disable an AD Account via LDAP
Re: Disable an AD Account via LDAP
by NetWallah (Abbot) on Oct 08, 2012 at 15:34 UTC
    The LDAP attribute you need to use is:
    useraccountcontrol:1.2.840.113556.1.4.803
    I do not have actual code to SET/RESET that, but you can start with: this StackOverflow article.

                 I hope life isn't a big joke, because I don't get it.
                       -SNL

Re: Disable an AD Account via LDAP
by netsecgeek (Initiate) on Apr 12, 2013 at 19:44 UTC
    Per http://support.microsoft.com/kb/305144, the UAC code for a Normal_Account is 512. Make it 514 to disable the account.
    my $ldap = Net::LDAP->new($host) or die "$@"; my $bind = $ldap->bind($bind_dn, password => $bind_pw); my $result = $ldap->modify($user_dn, replace => { userAccountControl = +> '512' }); $ldap->unbind();

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://997828]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (9)
As of 2014-12-22 07:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (112 votes), past polls