SQL Query for Disabled Active Directory Accounts

Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/1324361/

Time: 2020-09-01 03:19:17  Source: igfitidea

Tags: sql, active-directory

Asked by Chris Klepeis

I need to query AD to determine if a user's account is disabled.

Using a similar query used in the answers here

SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''')

I believe to determine if an account is disabled I have to use the userAccountControl field somehow. I've tried several things but they don't seem to be working:

WHERE userAccountControl & 2 <> 0

Accepted answer by Chris Klepeis

Apparently it did work... this would be an ID-10-T :p

Answer by youhieng

Inside OPENQUERY():

AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2

SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND ''userAccountControl:1.2.840.113556.1.4.803:''<>2')

Answer by brejk

How about:

SELECT sAMAccountName
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName, userAccountControl 
FROM ''LDAP://DC=MyDC,DC=com,DC=uk'' 
WHERE objectCategory = ''Person'' 
AND objectClass = ''user''') 
WHERE userAccountControl & 2 <> 0; -- disabled
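
Added example (not part of the original question or answers): a T-SQL sketch showing why the bitmask test on userAccountControl is the reliable check for disabled accounts, while an equality test against a single value such as 514 misses accounts that carry other flags. The table variable and its rows are constructed sample data standing in for the OPENQUERY(ADSI, ...) result set; the flag values (2, 32, 512, 65536) are the documented userAccountControl bits.

```sql
-- Constructed sample rows standing in for the OPENQUERY(ADSI, ...) result set.
DECLARE @ad TABLE (sAMAccountName nvarchar(64), userAccountControl int);

INSERT INTO @ad (sAMAccountName, userAccountControl) VALUES
    (N'alice',   512),    -- NORMAL_ACCOUNT
    (N'bob',     514),    -- NORMAL_ACCOUNT + ACCOUNTDISABLE
    (N'svc_app', 66048),  -- NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD
    (N'carol',   66050),  -- NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD + ACCOUNTDISABLE
    (N'dave',    546);    -- NORMAL_ACCOUNT + PASSWD_NOTREQD + ACCOUNTDISABLE

SELECT sAMAccountName,
       userAccountControl,
       -- 0x0002 ACCOUNTDISABLE: the bit tested by "userAccountControl & 2 <> 0"
       CASE WHEN (userAccountControl & 2) <> 0     THEN 1 ELSE 0 END AS IsDisabled,
       -- 0x0020 PASSWD_NOTREQD: worth reviewing in an account audit
       CASE WHEN (userAccountControl & 32) <> 0    THEN 1 ELSE 0 END AS PasswordNotRequired,
       -- 0x10000 DONT_EXPIRE_PASSWORD
       CASE WHEN (userAccountControl & 65536) <> 0 THEN 1 ELSE 0 END AS PasswordNeverExpires,
       -- Equality against one combined value only matches accounts with exactly those flags
       CASE WHEN userAccountControl = 514          THEN 1 ELSE 0 END AS MatchesEquals514
FROM @ad
ORDER BY sAMAccountName;
```

Comparing the IsDisabled and MatchesEquals514 columns shows which disabled accounts an equality filter would leave out of a report.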