禁用Active Directory帐户的SQL查询

Question

I need to query AD to determine if a users account is disabled. 我需要查询AD以确定是否禁用了用户帐户。

Using a similar query used in the answers here 使用此处答案中使用的类似查询

SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user'')

I believe to determine if an account is disabled I have to use the userAccountControl field somehow. 我相信确定帐户是否被禁用我必须以某种方式使用userAccountControl字段。 I've tried several things but they don't seem to be working: 我尝试了几件事，但它们似乎没有起作用：

WHERE userAccountControl & 2 <> 0

Answer 1

Inside OPENQUERY() : 在OPENQUERY（）内：

AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2 AND''userAccountControl：1.2.840.113556.1.4.803：''<> 2

SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2)

Answer 2

How about: 怎么样：

SELECT sAMAccountName
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName, userAccountControl 
FROM ''LDAP://DC=MyDC,DC=com,DC=uk'' 
WHERE objectCategory = ''Person'' 
AND objectClass = ''user''') 
WHERE userAccountControl & 2 <> 0; -- disabled

Answer 3

显然它确实有效......这将是一个ID-10-T：p

禁用Active Directory帐户的SQL查询

问题描述

3 个解决方案

解决方案1
7 2013-05-15 14:09:36

解决方案2
6 2010-01-26 09:39:19

解决方案3
4 已采纳 2009-08-24 20:24:02

禁用Active Directory帐户的SQL查询

问题描述

3 个解决方案

解决方案1 7 2013-05-15 14:09:36

解决方案2 6 2010-01-26 09:39:19

解决方案3 4 已采纳 2009-08-24 20:24:02

解决方案1
7 2013-05-15 14:09:36

解决方案2
6 2010-01-26 09:39:19

解决方案3
4 已采纳 2009-08-24 20:24:02