I'm running Active Directory and have some accounts that are disabled but not deleted. Is there a way I can search, based on the "userAccountControl" field, to filter them out? I found this as a reference:
It appears as though having the 0x0002 bit set indicates that the account is disabled (I double-checked this and it's true in my system). Unfortunately, I can't just check for values of 512 vs. 514 since some users have other flags set. How do I do a bitwise AND?
Ick, what a horrid way to manage account status in LDAP. LDAP has no bitwise functions; everything is a logical operator, so something would need to be implemented post-query to figure it out.
Is there perhaps something else you could check? Maybe some group membership status? Another field to filter?
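The post-query check suggested above, as an added example that is not part of the original thread: it tests the 0x0002 bit of each returned userAccountControl value, so 514, 546 and 66050 all count as disabled. The entry shape (a DN plus a dict of attribute name to list of byte strings), the sample DNs and the function names are assumptions made for the example.

```python
from enum import IntFlag


class UAC(IntFlag):
    """A few userAccountControl bits; 0x0002 is the one discussed above."""
    ACCOUNTDISABLE = 0x0002
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000


def parse_uac(values):
    """Return the attribute as UAC flags, or None if absent or not an integer."""
    if not values:
        return None
    raw = values[0]
    if isinstance(raw, bytes):  # LDAP clients commonly return byte strings
        raw = raw.decode("ascii", "replace")
    try:
        return UAC(int(raw))
    except ValueError:
        return None


def split_by_status(entries):
    """Split (dn, attrs) search results into enabled, disabled and unknown DNs."""
    enabled, disabled, unknown = [], [], []
    for dn, attrs in entries:
        flags = parse_uac(attrs.get("userAccountControl"))
        if flags is None:
            unknown.append(dn)  # no usable value: report it, do not guess
        elif flags & UAC.ACCOUNTDISABLE:  # bitwise AND against 0x0002
            disabled.append(dn)
        else:
            enabled.append(dn)
    return enabled, disabled, unknown


# Constructed sample results (not from a real directory).
SAMPLE = [
    ("CN=Alice,OU=Staff,DC=example,DC=com", {"userAccountControl": [b"512"]}),
    ("CN=Bob,OU=Staff,DC=example,DC=com", {"userAccountControl": [b"514"]}),
    ("CN=Carol,OU=Staff,DC=example,DC=com", {"userAccountControl": [b"66048"]}),
    ("CN=Dave,OU=Staff,DC=example,DC=com", {"userAccountControl": [b"66050"]}),
    ("CN=Eve,OU=Staff,DC=example,DC=com", {"userAccountControl": [b"546"]}),
    ("CN=Printer,OU=Devices,DC=example,DC=com", {}),
]

if __name__ == "__main__":
    for label, dns in zip(("enabled", "disabled", "unknown"), split_by_status(SAMPLE)):
        print(label, dns)
```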