[英]SQL Query for Disabled Active Directory Accounts
I need to query AD to determine if a users account is disabled. 我需要查询AD以确定是否禁用了用户帐户。
Using a similar query used in the answers here 使用此处答案中使用的类似查询
SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user'')
I believe to determine if an account is disabled I have to use the userAccountControl field somehow. 我相信确定帐户是否被禁用我必须以某种方式使用userAccountControl字段。 I've tried several things but they don't seem to be working:
我尝试了几件事,但它们似乎没有起作用:
WHERE userAccountControl & 2 <> 0
Inside OPENQUERY() : 在OPENQUERY()内:
AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2
AND''userAccountControl:1.2.840.113556.1.4.803:''<> 2
SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2)
How about: 怎么样:
SELECT sAMAccountName
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName, userAccountControl
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''')
WHERE userAccountControl & 2 <> 0; -- disabled
显然它确实有效......这将是一个ID-10-T:p
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.