Re: NET::LDAP disable AD user

by dasgar (Priest)
on Sep 28, 2010 at 11:26 UTC


in reply to NET::LDAP disable AD user

I've never used that module, but I've got a few ideas. Hopefully I'm not too off base with them.

Here's my guess on what may be happening. In your code, you're trying to delete the userAccountControl attribute and then add it back in with a value. Active Directory is probably considering this to be a required and/or protected attribute and is throwing an error when you try to delete it.

After taking a quick peek at the Net::LDAP module's documentation, I'd recommend trying to use the 'replace' method instead of the 'delete' and 'add' combo. In other words, something like:

$res = $ldap->modify ($distinguishedName, replace => {userAccountControl => "514"} );

I'm not guaranteeing that this will for sure work, but it seems to make sense in my mind at least.

Replies are listed 'Best First'.
Re^2: NET::LDAP disable AD user
by OldManYoss (Initiate) on Sep 28, 2010 at 12:27 UTC
    Hi, thanks for the reply but I am getting the same error when trying to use the replace function.

      I've got one last idea. Are you sure that you're passing the value in the correct format? Since you've got the 514 inside of quotes, that would cause Perl to treat it as a string. Also, I'm guessing from the link you provided that Active Directory may be dealing with hexadecimal numbers. If you provide it with 514 and it treats that as a hexadecimal value, it could be interpreting your request as saying that you want to set the account to be a "NORMAL_ACCOUNT" and a "TEMP_DUPLICATE_ACCOUNT" at the same time.

      Again, not saying that this is the reason behind the errors, but it might be worth a shot to try dropping the double-quotes around the 514 to see what happens.

      I also wonder if either of the two systems might have recorded more information in the system event-log...   It might be worth a looky.

        Hi, thanks for the suggestions, but I have been unable to get this to work. It's not a massive problem for me in this instance as I am moving all accounts into a new OU so I can select them all and disable them manually.
Re^2: NET::LDAP disable AD user
by Anonymous Monk on Mar 22, 2013 at 09:16 UTC
    my $res = $ldap->modify ( $aduser, replace => { 'userAccountControl'=>514 } );
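
An added example, not part of the original thread and not code from Net::LDAP: userAccountControl is a bit field that LDAP carries as a decimal integer, so 514 is 0x202. The sketch below decodes constructed sample values and sets only the ACCOUNTDISABLE bit instead of overwriting the whole value. The helper names uac_flags, uac_disabled and disable_account are hypothetical, and disable_account assumes an already-bound Net::LDAP handle with rights to modify the entry.

```perl
use strict;
use warnings;

# userAccountControl bits as documented by Microsoft (subset relevant here).
my %UAC = (
    ACCOUNTDISABLE         => 0x0002,
    LOCKOUT                => 0x0010,
    PASSWD_NOTREQD         => 0x0020,
    TEMP_DUPLICATE_ACCOUNT => 0x0100,
    NORMAL_ACCOUNT         => 0x0200,
    DONT_EXPIRE_PASSWORD   => 0x10000,
    SMARTCARD_REQUIRED     => 0x40000,
);

# Names of the known flags set in a decimal userAccountControl value.
sub uac_flags {
    my ($value) = @_;
    return grep { $value & $UAC{$_} } sort { $UAC{$a} <=> $UAC{$b} } keys %UAC;
}

# Set only the ACCOUNTDISABLE bit, keeping every other flag as it was.
sub uac_disabled {
    my ($value) = @_;
    die "userAccountControl must be a decimal integer\n"
        unless defined $value && $value =~ /^\d+$/;
    return $value | $UAC{ACCOUNTDISABLE};
}

# Hypothetical helper: read-modify-write against a bound Net::LDAP handle.
sub disable_account {
    my ($ldap, $dn) = @_;
    my $found = $ldap->search(base => $dn, scope => 'base',
        filter => '(objectClass=*)', attrs => ['userAccountControl']);
    die 'search failed: ' . $found->error . "\n" if $found->code;
    my $entry = $found->entry(0) or die "no entry for $dn\n";
    my $new = uac_disabled($entry->get_value('userAccountControl'));
    my $res = $ldap->modify($dn, replace => { userAccountControl => $new });
    die 'modify failed: ' . $res->error . "\n" if $res->code;
    return $new;
}

# Constructed sample values; no directory connection is needed for these.
for my $value (512, 514, 66048) {
    printf "%6d (0x%05X): %s -> disabled value %d\n", $value, $value,
        join('|', uac_flags($value)), uac_disabled($value);
}
```

The third sample shows why a read-modify-write is safer than writing a fixed 514: an account carrying DONT_EXPIRE_PASSWORD keeps that flag when only the disable bit is added.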
