I'm trying to create some groups (distribution lists) through an application we're using and I need to do so using LDAP query.
It's for breaking our students into their respective school site and I have it working but it's including the disabled accounts. I would like to create the list and NOT include those disabled accounts.
Here's what I'm using (made generic for the domain) and this is working:
I've tried adding (!(userAccountControl=514)) at the end, but then no output is generated. I've tried adding (&(userAccountControl=512) at the beginning but still no joy.
[514=disabled account so that should skip disabled accounts]
[512=enabled so that was an attempt to keep only the enabled accounts]
Can anyone help me with adding this sytax? (LDAP doesn't come up as a topic so next best match was Active Directory)