Don''t show disabled user via ldap search filter (Active Directory)

jake_denotter · December 5, 2006, 1:13pm

I’'m trying take disabled users in the active directory that are in the search path, out of the users list.

If I add (!userAccountControl:1.2.840.113556.1.4.803:=2) to the search filter for users I would’‘ve thought that would work? but it doesn’'t pick up any users then. but if it exclude the ! then it picks up users that are disabled, so the search filter does work.(tested that through the setup of the user filters.)

searchFilter should be (&(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803 :=2)) ?

or just

(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2 )

Anyone tried to do this before?

Cheers,Jake

Darren_Sykes · December 10, 2006, 11:24pm

I tried to do the same thing, but failed. I also attempted to check the exchange attribute that is set for disabled users.

Unfortunately, that didn’'t seem to want to work either.

Sorry!

D

John_Doe · December 18, 2006, 8:09pm

If you are using Active Directory try adding (userAccountControl=66048) to your user filter. That should pull all active users (non disabled accounts).

Let me know if that works

Andrew_H · December 20, 2006, 5:02pm

Here is mine. This works like a charm: