Reese Wang
2023-Aug-24 13:12 UTC
[Samba] samba-tool user disable doesn't change any object attributes?
I used `samba-tool user disable testuser` to disable a user and `samba-tool user show testuser` to display the user object and found nothing was changed. And I can still get the user using filter (&(objectClass=user)(sAMAccountName=testuser)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) Shouldn't `samba-tool user disable` change userAccountControl to 2 or something?
Rowland Penny
2023-Aug-24 13:37 UTC
[Samba] samba-tool user disable doesn't change any object attributes?
On Thu, 24 Aug 2023 21:12:38 +0800 Reese Wang via samba <samba at lists.samba.org> wrote:> I used `samba-tool user disable testuser` to disable a user and > `samba-tool user show testuser` to display the user object and found > nothing was changed. And I can still get the user using filter > (&(objectClass=user)(sAMAccountName=testuser)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) > > Shouldn't `samba-tool user disable` change userAccountControl to 2 or > something? >Close :-) userAccountControl is sort of accumulative, a normal enabled user account will have '512' in it, but there could be a larger number set. For instance, if the users password is set to never expire it could be '65848', which is '512' plus '65336'. To disable a user you add '2' to the '512'. Try reading this: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties Rowland
Possibly Parallel Threads
- samba-tool user disable doesn't change any object attributes?
- samba-tool user disable doesn't change any object attributes?
- restore deleted user (ldbrename) on samba 4.9.1 fails
- Users list and the date the password will expire
- Dovecot+Samba AD - authentication failure