Steve The Geek
I have the script running to plow through our AD structure and pull
out all the disabled accounts.
I've also got the damnedable thing parsing the logon script for
userhome drive mappings, getting the last logon date, and highlighting
the user's distinguished name.
According to MS, an LDAP query of
(useraccountcontrol:1.2.840.113556.1.4.803:=2) should pull up all
expired accounts. From the LDP utility in the Windows 2000 resource
kit, it works.
What I get in Perl is:
I/O Error at SearchViaLdapForExpiredAccounts-modified.pl line 45
I've had to pull out the combinations that work, but damn...
Here's the relevant (working) code section:
$mesg = $ldap->search(    # find all objects with "accountDisabled" set
    base   => 'DC=workplace,DC=com',
    # One equality test per userAccountControl value, OR-ed together
    filter => '(|(useraccountcontrol=2)
                 (useraccountcontrol=514)
                 (useraccountcontrol=18)
                 (useraccountcontrol=34)
                 (useraccountcontrol=52)
                 (useraccountcontrol=66)
                 (useraccountcontrol=84)
                 (useraccountcontrol=136)
                 (useraccountcontrol=532)
                 (useraccountcontrol=584)
                 (useraccountcontrol=668)
                 (useraccountcontrol=65538)
                 (useraccountcontrol=65556)
                 (useraccountcontrol=65608)
                 (useraccountcontrol=65692)
                 (useraccountcontrol=66360)
                 (useraccountcontrol=8388610)
                 (useraccountcontrol=8388628)
                 (useraccountcontrol=8388680)
                 (useraccountcontrol=8388764)
                 (useraccountcontrol=8389432)
                 (useraccountcontrol=8455792))',
    attrs  => ['memberof',
               'samaccountname',
               'homedirectory',
               'name',
               'distinguishedname',
               'lastlogon']
);
# Check the result code before trusting the entry count
$mesg->code && die $mesg->error;
print $mesg->count, " entries found.\n";
<end code section>
Any thoughts of why the easier 1.2.840.113556.1.4.803:=2 won't work?
Thanks!
Steve the (**** MS) Geek
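
Added example, not part of the original post: a local Perl emulation of what the 1.2.840.113556.1.4.803 (bitwise AND) matching rule evaluates, set beside the enumerated equality filter posted above, so the two can be compared without a directory server. The sample accounts and their names are constructed; bit 0x2 of userAccountControl is the documented ACCOUNTDISABLE flag.

```perl
use strict;
use warnings;

use constant ACCOUNTDISABLE => 0x2;    # userAccountControl bit tested by ":=2"

# Values enumerated in the post's OR filter (the duplicate 514 listed once).
my @ENUMERATED = (
    2, 514, 18, 34, 52, 66, 84, 136, 532, 584, 668,
    65538, 65556, 65608, 65692, 66360,
    8388610, 8388628, 8388680, 8388764, 8389432, 8455792,
);

# Emulates (attr:1.2.840.113556.1.4.803:=mask): true when every bit of
# $mask is set in the stored integer value.
sub bit_and_match {
    my ($value, $mask) = @_;
    return (($value & $mask) == $mask) ? 1 : 0;
}

# Emulates the post's (|(useraccountcontrol=N)...) equality filter.
sub enumerated_match {
    my ($value) = @_;
    return scalar(grep { $_ == $value } @ENUMERATED) ? 1 : 0;
}

# Enumerated values that do not carry the ACCOUNTDISABLE bit at all.
sub enumerated_without_bit {
    return grep { !bit_and_match($_, ACCOUNTDISABLE) } @ENUMERATED;
}

# Constructed sample accounts (hypothetical names, common flag combinations).
my %SAMPLE = (
    alice => 512,      # NORMAL_ACCOUNT, enabled
    bob   => 514,      # NORMAL_ACCOUNT | ACCOUNTDISABLE
    carol => 66050,    # NORMAL_ACCOUNT | ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD
    dave  => 546,      # NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD
    erin  => 66048,    # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, enabled
);

printf "%-6s %-8s %-8s %s\n", 'user', 'uac', 'bit-AND', 'enumerated';
for my $user (sort keys %SAMPLE) {
    my $uac = $SAMPLE{$user};
    printf "%-6s %-8d %-8s %s\n", $user, $uac,
        bit_and_match($uac, ACCOUNTDISABLE) ? 'match' : '-',
        enumerated_match($uac)              ? 'match' : '-';
}

my @no_bit = enumerated_without_bit();
print "Enumerated values without bit 0x2: @no_bit\n";
```

On this constructed data the enumerated filter misses 66050 and 546, both of which have the disabled bit set, and 15 of its 22 values do not have bit 0x2 set, so an account audit built on the enumeration can both miss disabled accounts and match enabled ones.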