attribute for disabled account

Guest

Does anyone know what the attribute for a disabled account is? I want to
export all the disabled account users for inventory.

Here is my syntax using ldifde:

ldifde -f C:\export.ldf -s ad1-cc -d "dc=ad,dc=pbclient,dc=com" -p subtree -r "(objectClass=user)" -l "useraccountcontrol"
 
A disabled account is flagged by a bit flag in the useraccountcontrol. You need
to get to it by using an AND OID in your filter like so

useraccountcontrol:1.2.840.113556.1.4.803:=2

Also note, you don't want to use just objectclass=user unless you have indexed
the objectclass attribute as that would be very inefficient. objectclass by
default isn't indexed which would mean that you would have to look at every
object in the domain ad.pbclient.com to find the users. If you add
objectcategory=person to the filter then you at least filter it down to users
and contacts. Also note that if you just have objectclass=user, it will return
computers as well.

joe
 
I only want to export disabled accounts. Can you check whether my syntax is right?

ldifde -f C:\export.ldf -s ad1-cc -d "dc=ad,dc=pbclient,dc=com" -p subtree -r "(objectClass=user)" -l "useraccountcontrol:1.2.840.113556.1.4.803:=2"
 
Nope, this is incorrect; you need to modify the filter, not the attributes
returned. If this sounds like Greek to you (and you don't speak Greek), I highly
recommend getting a guide on LDAP and reading it or else you will be wholly
unhappy with your AD experiences with ldifde and other LDAP-based tools.

Your filter should look something like

"&(objectcategory=person)(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)"

or

"&(samaccounttype=805306368)(useraccountcontrol:1.2.840.113556.1.4.803:=2)"
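
An added example, not part of the thread: a Python sketch that applies the same bit test client-side to an LDIF file such as the one the first command in the thread produces, showing what the 1.2.840.113556.1.4.803 rule evaluates for each entry. The sample entries are constructed (changetype lines omitted), the function names are hypothetical, and base64 values are assumed to be UTF-8.

```python
import base64

ACCOUNTDISABLE = 0x0002  # the bit tested by useraccountcontrol:1.2.840.113556.1.4.803:=2
UAC_FLAGS = {  # a few documented userAccountControl bits
    0x0002: "ACCOUNTDISABLE", 0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD",
}

# Constructed sample in the shape of an ldifde export; the names are made up.
SAMPLE = """\
dn: CN=Alice Example,OU=Staff,DC=ad,DC=pbclient,DC=com
userAccountControl: 512

dn: CN=Bob Example,OU=Staff,DC=ad,DC=pbclient,DC=com
userAccountControl: 514

dn: CN=Carol Example,OU=Former Staff,DC=ad,DC=pbclient,
 DC=com
userAccountControl: 66050

dn: CN=OLDPC01,CN=Computers,DC=ad,DC=pbclient,DC=com
userAccountControl: 4098
"""

def parse_ldif(text):
    """Return one {attribute_lowercased: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            # "attr:: value" marks a base64 value (e.g. a non-ASCII DN)
            value = (base64.b64decode(rest[1:]).decode("utf-8", "replace")
                     if rest.startswith(":") else rest.strip())
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def disabled_accounts(text):
    """Client-side equivalent of the bitwise-AND match on bit 2."""
    found = []
    for entry in parse_ldif(text):
        uac = int(entry.get("useraccountcontrol", ["0"])[0])
        if uac & ACCOUNTDISABLE:
            flags = [n for bit, n in sorted(UAC_FLAGS.items()) if uac & bit]
            found.append((entry["dn"][0], flags))
    return found
```

On the sample, the disabled computer OLDPC01 is reported alongside the two disabled users, which is the effect of exporting with only objectClass=user; the decoded WORKSTATION_TRUST_ACCOUNT flag is what distinguishes it in the inventory.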
 