LDAP Query to filter disabled account

LDAP Query to filter disabled account

Post by TmFza » Sat, 15 Aug 2009 22:59:01

Active Directory 2003
Users OU with mixture of enabled and disabled users.
Want to filter the list to only show me enabled/disabled users. I believe
this is done via LDAP query in management console under view/filter
optioons/create custom/customise/advanced.
Wold appreciate any help.

1. LDAP query construction and LDAP query tool

2. LDAP: selective accounts on hosts (netgroup, default search filter for People branch)

Just a comment: if you use OpenLDAP as servers, it is better to use
OpenLDAP as clients (I had tried SUN native LDAP client works as well,
but doubt that will remain in future Solaris releases/patches), but then
you are banking on OpenSource support and facing the massive efforts to
deploy (install/configure) OpenLDAP clients. SUN iDS5 and SUN native
LDAP client (built-in) may be a better choice.

There is a latest discovery w.r.t. "NetGroup" by Diego worth reading:

As netgroup does not work well with OpenLDAP, some people has reported
another mean that works: by using the "host" attribute in People
entries, and specifying "check host attribute" in PAM_LDAP's
/etc/ldap.conf. You may need to add the schema and objectclass
(account?) that provide this attribute. This works well if the # of
hosts or # of users is limited.

host: host1.domain.com
host: host2.domain.com

Pls search Google for "netgroup site:www.openldap.org", I think there
are some other tricks people play to the default search filter for
People branch.

You may also find these articles informative:


I also heard from PAM mail list there is a something like
"pam_listusers" module (not sure the spelling) that could restrict
authenticated users list on a per host basis.


3. ADAM LDAP Query to implement 'Sounds Like' filter

4. ADAM LDAP Query using 'Sounds Like' filter

5. W2k LDAP Query and filters

6. LDAP filter in query not working

7. ldap query for alias has missing filter attributes

8. User Filter for LDAP Query

9. Disabled User Account Control and disabled Administrator account.

10. Disable LDAP On ADAM, and Only Use LDAPS

11. LDAP query to return computer accounts that are not members of

12. Account expire date ldap query

13. OWA LDAP Query Account

14. asp page that query Exchange ldap attributes (Error 70 with External account)

15. LDAP query to return computer accounts that are not members of a g