Hello. I am going nuts trying to figure out how to look up a user profile's account status (if it's been locked out due to multiple failed password entry attempts.)
I nicked some code off the internet and made some adjustments, having found the "UserAccountControl" field.
The class is called and executed:
The IsLocked variable returning code 512, 514, or 544 (enabled, disabled, or enabled but password reset required).
Unfortunately, I had a coworker test the procedure after deliberately locking out his account. It still read 512, which is inaccurate.
I haven't worked on re-enabling the code yet; the main class merely calls the above to check its status. I want to get each component functioning before continuing onto the next...
Any help or guidance would be much appreciated.
Thank you kindly!
I nicked some code off the internet and made some adjustments, having found the "UserAccountControl" field.
The class is called and executed:
VB.NET:
Public Class isLockedOut
Public Function isLocked(ByVal vSAN)
' Function: SearchDistinguishedName
' Description: Searches the DistinguishedName for a given SamAccountName
' Parameters: ByVal vSAN - The SamAccountName to search
' Returns: The DistinguishedName Name
Dim oRootDSE, oConnection, oCommand, oRecordSet
oRootDSE = GetObject("LDAP://rootDSE")
oConnection = CreateObject("ADODB.Connection")
oConnection.Open("Provider=ADsDSOObject;")
oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
' check ADS_UF_LOCKOUT for locked out status (not enabled/disabled)
oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
">;(&(objectCategory=User)(samAccountName=" & vSAN & "));userAccountControl;subtree"
oRecordSet = oCommand.Execute
On Error Resume Next
isLocked = oRecordSet.Fields("UserAccountControl").Value
Return isLocked
On Error GoTo 0
oConnection.Close()
oRecordSet = Nothing
oCommand = Nothing
oConnection = Nothing
oRootDSE = Nothing
End FunctionThe IsLocked variable returning code 512, 514, or 544 (enabled, disabled, or enabled but password reset required).
Unfortunately, I had a coworker test the procedure after deliberately locking out his account. It still read 512, which is inaccurate.
I haven't worked on re-enabling the code yet; the main class merely calls the above to check its status. I want to get each component functioning before continuing onto the next...
Any help or guidance would be much appreciated.
Thank you kindly!
