Skip to main content

I am looking for the conventional Blackpearl (and preferably out-of-the-box) way to test for accounts enabled/disabled status, and maybe get some details for disabled acounts.

 

There are a few different scenarios where we may wish to deal with some disabled user accounts in Microsoft Active Directory. In one case, we may want a list of disabled (but not deleted), in another we have a username for a disabled user and we wish to retrieve details for that user. As a slight variation of the latter, we may wish to test to see if a certin username A) exists and is enabled, B) exists but is disabled, or C) does not exist.

 

After examining Account Management Service, there is an AccountDisabled attribute, but it seems that there is no method to retrieve an account. You have to already know the state of an account that you wish to modify. 

 

After examining AD Service2, I find status or disabled properties to be conspicuously absent, and after some experimentation, it seems that it has a non-configurable filter that only returns enabled accounts.

 

In the forums, I've seen a few recommendations for the Dynamic AD service in the Market. Have I missed something? Or Is hoshy's Dynamic Active Directory Service (in the Market) the closest thing to a standard tool to test for AD account status by username and/or get a list of disabled accounts?

Hi jrwarwick

 

The OOTB Active Directory broker excludes disabled accounts, as you have identified.

 

Your best place to start is the Dynamic AD service from the Market. You may be able to get it to what you want as it is, or you may need to customise it.

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings