[Samba] samba-tool user disable doesn't change any object attributes?
Rowland Penny
rpenny at samba.org
Thu Aug 24 13:37:04 UTC 2023
On Thu, 24 Aug 2023 21:12:38 +0800
Reese Wang via samba <samba at lists.samba.org> wrote:
> I used `samba-tool user disable testuser` to disable a user and
> `samba-tool user show testuser` to display the user object and found
> nothing was changed. And I can still get the user using filter
> (&(objectClass=user)(sAMAccountName=testuser)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>
> Shouldn't `samba-tool user disable` change userAccountControl to 2 or
> something?
>
Close :-)
userAccountControl is sort of accumulative, a normal enabled user
account will have '512' in it, but there could be a larger number set.
For instance, if the users password is set to never expire it could be
'65848', which is '512' plus '65336'.
To disable a user you add '2' to the '512'.
Try reading this:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
Rowland
More information about the samba
mailing list