List only enabled Active Directory Users
Last year, I created (pieced together from others) a directory of all of our users. However, it was just pointed out to me that the directory is also listing "disabled" users.
How can I list "enabled" users and not "disabled"?
If possible I'd like to add this to my query, but I'm open to if statements. Here's my query and my main loop:
Thanks for any help you can give.
How can I list "enabled" users and not "disabled"?
If possible I'd like to add this to my query, but I'm open to if statements. Here's my query and my main loop:
'Query
SQLStmt = "SELECT mailNickname, description, displayName, givenName, sn, streetAddress, l, st, " &_
"postalCode, homePhone, mobile, title, department, company, physicalDeliveryOfficeName, " &_
"telephoneNumber, facsimileTelephoneNumber FROM 'LDAP://SERVER/" & myLDAP &_
"' WHERE objectClass='Person' AND description <>'Student' ORDER BY mailNickname"
'The Loop
Do while not objRS.EOF and RowCount < objRS.PageSize
'list user info
loopThanks for any help you can give.
ASKER
Thanks for the timely response.
I see the userAccountControl, but I don't have the string of numbers after it, nor are any of my users' values 2, most of them have a 512 if they're enabled, but still others have a different number that's longer. Also a majority of the disabled users have 546, and, again, others have a different, longer number.
What significance does the "1.2.840.113556.1.4.803:" have? If I add the userAccountControl to my query, will I need to include this string of numbers?
If not, I'm assuming my WHERE section would look like this to return the enabled users, correct?
[code]WHERE objectClass='Person' AND description<>'Student' AND userAccountControl=2[/code
I see the userAccountControl, but I don't have the string of numbers after it, nor are any of my users' values 2, most of them have a 512 if they're enabled, but still others have a different number that's longer. Also a majority of the disabled users have 546, and, again, others have a different, longer number.
What significance does the "1.2.840.113556.1.4.803:" have? If I add the userAccountControl to my query, will I need to include this string of numbers?
If not, I'm assuming my WHERE section would look like this to return the enabled users, correct?
[code]WHERE objectClass='Person' AND description<>'Student' AND userAccountControl=2[/code
ASKER
Update:
I tried the query with the 2 and it was unsuccessful, tried it with the 512 and it worked except it disregarded any of our enabled users that had a different number in that field.
I tried the query with the 2 and it was unsuccessful, tried it with the 512 and it worked except it disregarded any of our enabled users that had a different number in that field.
http://support.microsoft.com/kb/269181
It's been a while since I've needed to look at this, so I am a bit rusty. Here is an article that explains the numerical part of the string I had posted before.
It's been a while since I've needed to look at this, so I am a bit rusty. Here is an article that explains the numerical part of the string I had posted before.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still looking at this.
Ken, I'm guessing that .net (I haven't tried learning it yet); if so, I can't use it. We are using classic ASP to do everything right now. Thank you though.
Ken, I'm guessing that .net (I haven't tried learning it yet); if so, I can't use it. We are using classic ASP to do everything right now. Thank you though.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A few projects have pushed the importance of this down a bit. Will let you all know as soon as I get a chance to try some more things.
Thanks for your help, by the way!
Thanks for your help, by the way!
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
I believe this is the active or not active option. the two signifies "Not Disabled"