"userAccountControl:1.2.840.113556.1.4.803:=2"

Sorry, I cannot read the Matrix. ;)

Ole

On 13.02.2017 17:19, Rowland Penny via samba wrote:
> On Mon, 13 Feb 2017 16:46:12 +0100
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
> You could always replace:
>
>> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"
>> userAccountControl | grep userAccountControl: | sed
>> "s|userAccountControl: ||")
>>
>> if [ "${uAC_string}" -eq "512" ]; then
>>
>> [do expiration parsing]
>> fi
> With:
>
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
>
> This will do the same ;-)
>
> Rowland
Rowland Penny
2017-Feb-13 17:04 UTC
[Samba] Users list and the date the password will expire
On Mon, 13 Feb 2017 17:49:41 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:

> "userAccountControl:1.2.840.113556.1.4.803:=2"
>
> Sorry, I cannot read the Matrix. ;)
>
> Ole

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

You can read about it here:

https://support.microsoft.com/en-gb/help/269181/how-to-query-active-directory-by-using-a-bitwise-filter

Basically it means that the user isn't disabled.
If you add '2' to a user's 'userAccountControl' attribute, you disable
the user's account, the above checks it isn't set ( '!' = not )

Rowland
I see. This is the same with 512 and 514, I think.

Ole

On 13.02.2017 18:04, Rowland Penny via samba wrote:
> On Mon, 13 Feb 2017 17:49:41 +0100
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>> "userAccountControl:1.2.840.113556.1.4.803:=2"
>>
>> Sorry, I cannot read the Matrix. ;)
>>
>> Ole
>
> (!(userAccountControl:1.2.840.113556.1.4.803:=2))
>
> You can read about it here:
>
> https://support.microsoft.com/en-gb/help/269181/how-to-query-active-directory-by-using-a-bitwise-filter
>
> Basically it means that the user isn't disabled.
> If you add '2' to a user's 'userAccountControl' attribute, you disable
> the user's account, the above checks it isn't set ( '!' = not )
>
> Rowland
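
An added example, not part of the original thread: a client-side shell equivalent of the bitwise filter discussed above, run over constructed LDIF. The function names, the sample accounts and the `example.com` DNs are assumptions; 66048 is 512 plus the password-never-expires flag (65536), a value that an exact comparison with 512 does not match while the bit test does.

```shell
# Added example: client-side equivalent of the bitwise LDAP filter
# (!(userAccountControl:1.2.840.113556.1.4.803:=2)).
# The flag value 2 is the "account disabled" bit from the thread.
UAC_DISABLED=2

# uac_enabled VALUE -> exit 0 if the disabled bit is clear, 1 if it is set.
uac_enabled() {
    [ $(( $1 & $UAC_DISABLED )) -eq 0 ]
}

# enabled_users: read ldapsearch-style LDIF on stdin and print the
# sAMAccountName of every entry whose disabled bit is clear.
enabled_users() {
    name=""; uac=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "sAMAccountName: "*)     name=${line#sAMAccountName: } ;;
            "userAccountControl: "*) uac=${line#userAccountControl: } ;;
            "")  # a blank line ends an LDIF entry
                if [ -n "$name" ] && [ -n "$uac" ] && uac_enabled "$uac"; then
                    printf '%s\n' "$name"
                fi
                name=""; uac="" ;;
        esac
    done
    # Handle the last entry when the input does not end with a blank line.
    if [ -n "$name" ] && [ -n "$uac" ] && uac_enabled "$uac"; then
        printf '%s\n' "$name"
    fi
}

# Constructed sample data (hypothetical accounts, not from the thread).
sample_ldif() {
cat <<'EOF'
dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512

dn: CN=bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
userAccountControl: 514

dn: CN=carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
userAccountControl: 66048
EOF
}

sample_ldif | enabled_users
```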