¤ Hi,
¤
¤ can anyone give me some code how to query wheather a AD account is disabled
¤ or not? I´d like to use DirectoryServicesEntry object.
You can check the userAccountControl mask to see if this property is set:
Const ADS_UF_ACCOUNTDISABLE As Int16 = &H2
Dim UserAccountControl As Int16
Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://DC=xxx,DC=xxx,DC=org")
Dim ADSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)
Dim ADSearchResult As System.DirectoryServices.SearchResult
ADSearch.Filter = ("(samAccountName=xxxx)")
ADSearch.SearchScope = SearchScope.Subtree
For Each ADSearchResult In ADSearch.FindAll()
UserAccountControl =
CType(ADSearchResult.GetDirectoryEntry().Properties.Item("userAccountControl").Value, Int16)
If CType(UserAccountControl And ADS_UF_ACCOUNTDISABLE, Boolean) Then
Console.WriteLine("Account is disabled")
End If
Next
Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)
