Best IT Recipes

How to determine if a user account is enabled or disabled

I am compiling a quick C # form application to help solve the repetitive clerical work.

I searched AD for all user accounts and add them to the checkbox list view.

I would prefer the default validation status for listviewitems to depend on the account on / off status.

string path = "LDAP://dc=example,dc=local"; DirectoryEntry directoryRoot = new DirectoryEntry(path); DirectorySearcher searcher = new DirectorySearcher(directoryRoot, "(&(objectClass=User)(objectCategory=Person))"); SearchResultCollection results = searcher.FindAll(); foreach (SearchResult result in results) { DirectoryEntry de = result.GetDirectoryEntry(); ListViewItem lvi = new ListViewItem( (string)de.Properties["SAMAccountName"][0]); // lvi.Checked = (bool) de.Properties["AccountEnabled"] lvwUsers.Items.Add(lvi); }

I am trying to find the right attribute for analysis in order to get the state of an account from a DirectoryEntry object. I searched for AD user attributes but didn't find anything useful.

Can anyone suggest any pointers?

+47
c # attributes active-directory directoryservices
Jan 05 '10 at 11:21
source share
3 answers

this code should work here ...

 private bool IsActive(DirectoryEntry de) { if (de.NativeGuid == null) return false; int flags = (int)de.Properties["userAccountControl"].Value; return !Convert.ToBoolean(flags & 0x0002); }
+84
Jan 05 '10 at 11:29
source share

Not that anyone asked, but here is the java version (since I ended up looking for it). Zero checking is left as an exercise for the reader.

 private Boolean isActive(SearchResult searchResult) { Attribute userAccountControlAttr = searchResult.getAttributes().get("UserAccountControl"); Integer userAccountControlInt = new Integer((String) userAccoutControlAttr.get()); Boolean disabled = BooleanUtils.toBooleanObject(userAccountControlInt & 0x0002); return !disabled; }
+4
Dec 10 '13 at 20:55
source share

Using System.DirectoryServices.AccountManagement: domainName and username must be string values โ€‹โ€‹of the domain and username.

 using (var domainContext = new PrincipalContext(ContextType.Domain, domainName)) { using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, username)) { if (foundUser.Enabled.HasValue) { return (bool)foundUser.Enabled; } else { return true; //or false depending what result you want in the case of Enabled being NULL } } }
+3
Feb 17 '16 at 6:13
source share


More articles:


All Articles