Don''t show disabled user via ldap search filter (Active Directory)

I’'m trying take disabled users in the active directory that are in the search path, out of the users list.

If I add (!userAccountControl:1.2.840.113556.1.4.803:=2) to the search filter for users I would’‘ve thought that would work? but it doesn’'t pick up any users then. but if it exclude the ! then it picks up users that are disabled, so the search filter does work.(tested that through the setup of the user filters.)

searchFilter should be (&(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803 :=2)) ?

or just

(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2 )

Anyone tried to do this before?


I tried to do the same thing, but failed. I also attempted to check the exchange attribute that is set for disabled users.

Unfortunately, that didn’'t seem to want to work either.



If you are using Active Directory try adding (userAccountControl=66048) to your user filter. That should pull all active users (non disabled accounts).

Let me know if that works

Here is mine. This works like a charm: