
Need help to unlock an Active Directory account using PHP and LDAP

maximus81 asked
I am trying to unlock an account using PHP and adLDAP and having no luck. I have been searching around for something that would work, but everything I find spits out errors that I can't fix. Can anyone point me to a page that has a working solution? Thank you.

Commented:
Here is an example. As there is no method to unlock an account built into adLDAP by default, I extend the adLDAP class to add the function. Hopefully they update their schema to include the feature by default in the near future.

You would obviously need to update your own AD settings in the $options array and a test username in $user.

<?php
	// Forward slash works as a path separator on both Windows and Linux
	require_once(dirname(__FILE__) . '/adldap.php');
	
	// Extend the base adLDAP class with our unlock function
	class myADLDAP extends adLDAP {
		
		public function unlock_user($username) {
			$user = $this->user()->info($username, array("cn")); 
			if ($user[0]['dn'] == NULL) {
				return (false);
			} 
			
			$user_dn = $user[0]['dn']; 
			$add['lockoutTime'] = array(0); 
			$result = ldap_mod_replace($this->getLdapConnection(), $user_dn, $add); 
			
			if ($result == false) { 
				return (false); 
			} 
			return (true); 
		}
	}

	// The username to be unlocked
	$user = 'testuser';
		
	// AD settings
	$options = array(
		'base_dn' => 'DC=test,DC=local',
		'account_suffix' => '@test.local',
		'domain_controllers' => array('10.1.1.1'),
		'admin_username' => 'administrator',
		'admin_password' => 'adminpassword'
	);
	
	// Instantiate using the extended class so we can access unlock_user()
	try {
		$adldap = new myADLDAP($options);
	}
	catch (adLDAPException $e) {
		echo $e;
		exit();   
	}

	$result = $adldap->unlock_user($user);
	
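	// unlock_user() returns false both when the user is not found and when the LDAP modify fails
	$safe_user = htmlspecialchars($user);
	echo ($result === TRUE) ? "<b>$safe_user</b> unlocked successfully." : "<b>$safe_user</b> could not be unlocked (user not found or the LDAP modify failed)";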

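A variant of the unlock shown in the answer above, written against PHP's built-in ldap extension instead of adLDAP; it is an added example, not part of the original answer. The host name dc01.test.local and the environment variables UNLOCK_BIND_DN and UNLOCK_BIND_PW (a delegated service account rather than the domain administrator) are hypothetical placeholders.

```php
<?php
// Added example: unlock an AD account with PHP's native ldap extension.
// Assumptions (not from the original answer): the host name, the env var
// names and the delegated service account are hypothetical placeholders.

function unlock_ad_account($ldap, string $baseDn, string $username): string
{
    // Escape the supplied name so it cannot alter the search filter.
    $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';

    $search = ldap_search($ldap, $baseDn, $filter, array('lockoutTime'));
    if ($search === false) {
        return 'search_failed: ' . ldap_error($ldap);
    }
    $entries = ldap_get_entries($ldap, $search);
    if ($entries['count'] !== 1) {
        return 'not_found';              // zero or ambiguous matches: do nothing
    }

    // lockoutTime is absent or "0" when no lockout is recorded for the account.
    $lockout = $entries[0]['lockouttime'][0] ?? '0';
    if ($lockout === '0') {
        return 'not_locked';
    }

    // Writing 0 to lockoutTime is the same change the answer above makes.
    $mod = array('lockoutTime' => array('0'));
    if (!ldap_mod_replace($ldap, $entries[0]['dn'], $mod)) {
        return 'modify_failed: ' . ldap_error($ldap);   // e.g. insufficient rights
    }
    error_log('AD unlock performed on ' . $entries[0]['dn']);   // audit trail
    return 'unlocked';
}

// ldaps:// keeps the bind password and the modify off the wire in clear text.
$ldap = ldap_connect('ldaps://dc01.test.local');        // hypothetical host
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

// Credentials come from the environment, not from the script source.
// Reject empty values: a bind with an empty password may succeed unauthenticated.
$bindDn = getenv('UNLOCK_BIND_DN');
$bindPw = getenv('UNLOCK_BIND_PW');
if (!$bindDn || !$bindPw || !@ldap_bind($ldap, $bindDn, $bindPw)) {
    exit('bind failed: ' . ldap_error($ldap));
}
echo unlock_ad_account($ldap, 'DC=test,DC=local', 'testuser'), PHP_EOL;
ldap_unbind($ldap);
```

The separate return values let the calling page distinguish a missing user from a permissions failure, which the single true/false result cannot.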

Author

Commented:
This worked perfectly, thank you very much.