search for: uf_lockout

...;, 0); if (lockoutTime != 0) { int64_t lockoutDuration; lockoutDuration = get_user_lockout_duration(module, msg, parent, nc_root); /* zero locks out until the administrator intervenes */ if (lockoutDuration >= 0) { msDS_User_Account_Control_Computed |= UF_LOCKOUT; } else if (lockoutTime - lockoutDuration >= now) { msDS_User_Account_Control_Computed |= UF_LOCKOUT; } } I hope this clarifies things. If someone has time (I'm swamped) it would be awesome of we had this stuff in a wiki so folks don't need to reinvent the wheel. Andrew Ba...

...tribute. > that will avoid you encoding this logic in your shell scripts as it is > what Samba uses internally. A-HA! Seems strange to me there's no such field... https://docs.microsoft.com/en-us/windows/win32/adschema/a-msds-user-account-control-computed so, i need to check for 'UF_LOCKOUT', i suppose... Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +3...

Mandi! Rowland penny via samba In chel di` si favelave... > You cannot create an ldap filter using the above, you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn:

Mandi! Rowland penny via samba In chel di` si favelave... > As I said, if 'lockoutTime' isn't set or it is set to '0', then the user > isn't locked out, anything else and it is, but I do not believe that you can > set it to anything else but '0' manually, only the system can do this. > This is where 'lockoutDuration' comes in, the account