-1

I am working on a script that can get the number of locked out users from Active Directory. Not disabled, just current number of locked out users. Is this possible? I haven't worked with fetching data from AD before so I'm asking you guys before I try.

John-Eilif

2 Answers

0

Try searching for (&(lockoutTime=*)(!(lockoutTime=0))).

That should fetch all users that have the attribute lockoutTime set and where it is not 0.

$baseDn = 'DC=example,DC=com'; // placeholder: use your own domain's base DN
$result = ldap_search($con, $baseDn, '(&(samaccountname=*)(lockoutTime=*)(!(lockoutTime=0)))', ['dn']);
echo ldap_count_entries($con, $result);

That should give you the number of locked accounts.

heiglandreas
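
An added example, not part of the answer above: in Active Directory, lockoutTime stays non-zero after the lockout duration has elapsed, until it is reset, so a count of non-zero values can include accounts that are no longer locked. This PHP code goes one step beyond the answer and compares lockoutTime with the lockout duration; the function names, the 30-minute duration and the sample entries are assumptions constructed for illustration.

```php
<?php
const FILETIME_EPOCH_OFFSET = 11644473600; // seconds from 1601-01-01 to 1970-01-01

// lockoutTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
function filetimeToUnix(int $filetime): int
{
    return intdiv($filetime, 10000000) - FILETIME_EPOCH_OFFSET;
}

// $lockoutSeconds is the domain lockout duration (assumed known from policy);
// null means accounts stay locked until an administrator unlocks them.
function isLockedOut(array $entry, int $now, ?int $lockoutSeconds): bool
{
    // ldap_get_entries() lower-cases attribute names; values are strings.
    $lockoutTime = (int) ($entry['lockouttime'][0] ?? '0');
    if ($lockoutTime === 0) {
        return false; // attribute absent or reset to 0
    }
    if ($lockoutSeconds === null) {
        return true;
    }
    return filetimeToUnix($lockoutTime) + $lockoutSeconds > $now;
}

function countLockedOut(array $entries, int $now, ?int $lockoutSeconds): int
{
    $count = 0;
    foreach ($entries as $key => $entry) {
        if ($key === 'count') {
            continue; // bookkeeping element added by ldap_get_entries()
        }
        if (isLockedOut($entry, $now, $lockoutSeconds)) {
            $count++;
        }
    }
    return $count;
}

// Constructed sample shaped like ldap_get_entries() output.
$now = 1476432000; // fixed "current time": 2016-10-14 08:00:00 UTC
$ft = fn(int $unix): string => (string) (($unix + FILETIME_EPOCH_OFFSET) * 10000000);
$entries = [
    'count' => 4,
    ['samaccountname' => ['alice'], 'lockouttime' => [$ft($now - 300)]],  // locked 5 min ago
    ['samaccountname' => ['bob'],   'lockouttime' => [$ft($now - 7200)]], // locked 2 h ago
    ['samaccountname' => ['carol'], 'lockouttime' => ['0']],              // reset
    ['samaccountname' => ['dave']],                                       // never locked
];
echo countLockedOut($entries, $now, 1800), "\n"; // 30-minute lockout duration
echo countLockedOut($entries, $now, null), "\n"; // locked until manually unlocked
```

For an intranet counter, pass the entries returned by ldap_get_entries() and time() in place of the constructed values.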
-1

LDAP unfortunately does not have session management. It only provides a directory service from which you can get data. There are no such things as logged out users.

Maybe you can create a system where, when a user logs in, it saves the user/expiration in the database. If he logs out or the session/cookie gets destroyed, it will be removed from the database.

  • I did not try to fetch logged out users... but locked out.. where the account has been locked. I want to display the amount of locked users in our intranet. – John-Eilif Oct 14 '16 at 08:10
  • Maybe you can try this question, http://stackoverflow.com/questions/11795294/detect-if-an-active-directory-user-account-is-locked-using-ldap-in-python. – Yanick van Barneveld Oct 14 '16 at 08:18