Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to determine if user account is enabled or disabled

Tags:

c#

attributes

active-directory

directoryservices

I am throwing together a quick C# win forms app to help resolve a repetitive clerical job.

I have performed a search in AD for all user accounts and am adding them to a list view with check boxes.

I would like to default the listviewitems' default check state to depend upon the enabled/disabled state of the account.

string path = "LDAP://dc=example,dc=local"; DirectoryEntry directoryRoot = new DirectoryEntry(path); DirectorySearcher searcher = new DirectorySearcher(directoryRoot,     "(&(objectClass=User)(objectCategory=Person))"); SearchResultCollection results = searcher.FindAll(); foreach (SearchResult result in results) {     DirectoryEntry de = result.GetDirectoryEntry();     ListViewItem lvi = new ListViewItem(         (string)de.Properties["SAMAccountName"][0]);     // lvi.Checked = (bool) de.Properties["AccountEnabled"]     lvwUsers.Items.Add(lvi); }

I'm struggling to find the right attribute to parse to get the state of the account from the DirectoryEntry object. I've searched for AD User attributes, but not found anything useful.

Can anyone offer any pointers?

like image 225
Bryan Avatar asked Jan 05 '10 11:01

Bryan

People also ask

How can I tell who is enabled a user account in Active Directory?

Run gpedit. msc → Create a new GPO → Edit it : Go to "Computer Configuration" → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy: Audit account management → Define → Success.

How do I list disabled accounts in Active Directory PowerShell?

Run Netwrix Auditor → Navigate to “Reports” → Expand the “Active Directory” section → Go to “Active Directory – State-in-Time” → Select “User Accounts” → Click “View” → Set the “Status” parameter to “Disabled” → Click “View Report”.

How do I check my Active Directory status?

Check AD account lockout status In ADUC, navigate to the properties of the user, then the Account tab. You will see the following message if an account is locked out: Unlock account. This account is currently locked out on this Active Directory Domain Controller.

1 Answers

this code here should work... 

private bool IsActive(DirectoryEntry de) {   if (de.NativeGuid == null) return false;    int flags = (int)de.Properties["userAccountControl"].Value;    return !Convert.ToBoolean(flags & 0x0002); }
like image 69
Dimi Takis Avatar answered Sep 19 '22 01:09

Dimi Takis
Sign in to Comment

Related questions

What characters are allowed in C# class name?
JavaScriptSerializer.Deserialize - how to change field names
How to convert Dictionary<string, object> to Dictionary<string, string> in c#
Entity Framework code-first: migration fails with update-database, forces unneccessary(?) add-migration
How do I get a warning in Visual Studio when async methods don't end in 'Async'?
RestSharp print raw request and response headers
What is SUT and where did it come from?
How to read/write files in .Net Core?
Why should I write CLS compliant code?
how to deserialize JSON into IEnumerable<BaseType> with Newtonsoft JSON.NET
"A namespace cannot directly contain members such as fields or methods" [closed]
Find node clicked under context menu
Xamarin Visual Studio IOS Development Without a Mac?
Set IncludeExceptionDetailInFaults to true in code for WCF
Moq + Unit Testing - System.Reflection.TargetParameterCountException: Parameter count mismatch
Windows service start failure: Cannot start service from the command line or debugger [duplicate]
How to read data from excel file using c# [duplicate]
Testing for equality between dictionaries in C#
Difference between Method and Function? [duplicate]
Force GUI update from UI Thread

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!