Answer the question
In order to leave comments, you need to log in
How to get a list of blocked accounts via LDAP?
Good afternoon, there is a need to get a list of accounts from AD that were blocked due to incorrect password entry. You need to get such a list through an LDAP request. There is such an attribute for the user account lockouttime which stores the lockout time of the account, if you use this attribute, then a situation arises when the account was unlocked automatically (my account is automatically unlocked 30 minutes after the lockout) then the lockouttime is not reset and it turns out that through the request the account It seems to be blocked, but in reality it is completely different. Also, judging by msdn, there is an attribute msDS-User-Account-Control-Computed which just stores the state of the account, but it cannot be used in ldap request filters since it is calculated, and how to use it is not really described anywhere. I make Ldap requests through perl scripts, on a Linux server, so I don't offer PowerShell. Thank you.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question