
Is it possible to enable (or disable) a user in Active Directory with an LDAP command?

Also, is it possible to do this with C#?

I've already looked here and here

Thanks,

J

Jack
  • Can you use PowerShell with LDAP? In which programming language are you looking to implement the LDAP calls? – Anderson Oki Oct 26 '16 at 10:41
  • @AndersonOki as i wrote I'm gonna use C#.NET. I prefer using C# because I have to develop a web application. – Jack Oct 26 '16 at 12:02

3 Answers


using this reference Howto: (Almost) Everything In Active Directory via C#

You can use the "userAccountControl" attribute to enable and disable an account.

You need to pass the user's DirectoryEntry to the function.

Enable:

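/// <summary>
/// Enables an Active Directory account by clearing the ADS_UF_ACCOUNTDISABLE bit (0x2)
/// in the entry's "userAccountControl" attribute and committing the change.
/// </summary>
/// <param name="user">
/// Directory entry of the account to enable. The entry is closed before this method
/// returns, whether or not the update succeeded.
/// </param>
/// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// The write is performed with whatever credentials <paramref name="user"/> was bound with;
/// that identity needs write access to userAccountControl on the target object. Re-enabling
/// an account is a privileged change, so callers should authorize the request and record
/// who asked for it before calling this method.
/// </remarks>
public static void Enable(DirectoryEntry user)
{
    if (user == null)
    {
        throw new System.ArgumentNullException("user");
    }

    try
    {
        int val = (int)user.Properties["userAccountControl"].Value;

        // 0x2 is ADS_UF_ACCOUNTDISABLE; clearing it enables the account and leaves
        // every other userAccountControl flag as it was.
        user.Properties["userAccountControl"].Value = val & ~0x2;

        user.CommitChanges();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // The original snippet dropped this error, so a rejected write (for example,
        // insufficient rights) was indistinguishable from success. It is still not
        // rethrown, to keep the method's contract, but it is now recorded.
        // NOTE(review): callers that must know the outcome should re-read the attribute.
        System.Diagnostics.Trace.TraceError(
            "Enable: could not update userAccountControl on {0}: {1}", user.Path, E.Message);
    }
    finally
    {
        // Release the underlying directory object on the failure path as well.
        user.Close();
    }
}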

Disable :

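/// <summary>
/// Disables an Active Directory account by setting the ADS_UF_ACCOUNTDISABLE bit (0x2)
/// in the entry's "userAccountControl" attribute and committing the change.
/// </summary>
/// <param name="user">
/// Directory entry of the account to disable. The entry is closed before this method
/// returns, whether or not the update succeeded.
/// </param>
/// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// The write is performed with whatever credentials <paramref name="user"/> was bound with.
/// Disabling an account is often part of incident response or off-boarding, where a silent
/// failure leaves the account usable; see the note in the catch block.
/// </remarks>
public void Disable(DirectoryEntry user)
{
    if (user == null)
    {
        throw new System.ArgumentNullException("user");
    }

    try
    {
        int val = (int)user.Properties["userAccountControl"].Value;

        // 0x2 is ADS_UF_ACCOUNTDISABLE; OR-ing it in disables the account and leaves
        // every other userAccountControl flag as it was.
        user.Properties["userAccountControl"].Value = val | 0x2;

        user.CommitChanges();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // The original snippet dropped this error, so a rejected write looked like a
        // successful disable. It is still not rethrown, to keep the method's contract,
        // but it is now recorded.
        // NOTE(review): callers that must know the outcome should re-read the attribute.
        System.Diagnostics.Trace.TraceError(
            "Disable: could not update userAccountControl on {0}: {1}", user.Path, E.Message);
    }
    finally
    {
        // Release the underlying directory object on the failure path as well.
        user.Close();
    }
}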
Mawardy

Using: Morgan Tech Space as Reference:

Enable Active Directory User Account via userAccountControl using C#

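/// <summary>
/// Looks up a user in the current domain by userPrincipalName or sAMAccountName and
/// enables the account by clearing the ADS_UF_ACCOUNTDISABLE bit of "userAccountControl".
/// </summary>
/// <param name="username">
/// UPN or sAMAccountName of the account. The value is treated as untrusted and is escaped
/// before it is placed in the LDAP filter.
/// </param>
/// <remarks>
/// Failures are written to the console, as in the original snippet; nothing is thrown.
/// The bind uses the identity of the running process, which needs write access to
/// userAccountControl on the target object.
/// </remarks>
private static void EnableADUserUsingUserAccountControl(string username)
{
    try
    {
        // Escape the filter metacharacters (RFC 4515) so that a caller-supplied name
        // cannot change the structure of the filter or wildcard-match another account.
        // The backslash is replaced first so the escapes added below are not re-escaped.
        string escapedName = (username ?? string.Empty)
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        // Person/user objects only, excluding sAMAccountType 805306370 (interdomain trust
        // accounts). The filter is built on one line: the original verbatim literal embedded
        // a line break and indentation in the filter text, and wrote the negation without
        // the inner parentheses that the filter grammar requires.
        string searchFilter = string.Format(
            "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
            "(|(userPrincipalName={0})(sAMAccountName={0})))",
            escapedName);

        using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
        using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
        {
            // FindOne returns null when nothing matches. The original tested the searcher
            // instead of the result, so an unknown user ended in a NullReferenceException.
            SearchResult searchResult = searcher.FindOne();
            if (searchResult != null)
            {
                using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
                {
                    int old_UAC = (int)userEntry.Properties["userAccountControl"][0];

                    // AD user account disable flag
                    const int ADS_UF_ACCOUNTDISABLE = 2;

                    // To enable an AD user account, clear the disable bit and keep the rest.
                    userEntry.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
                    userEntry.CommitChanges();

                    Console.WriteLine("Active Director User Account Enabled successfully through userAccountControl property");
                }
            }
            else
            {
                // Report the miss so it is not mistaken for a successful change.
                Console.WriteLine("AD User Not Found");
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}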

Disable Active Directory User Account via userAccountControl using C#

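/// <summary>
/// Looks up a user in the current domain by userPrincipalName or sAMAccountName and
/// disables the account by setting the ADS_UF_ACCOUNTDISABLE bit of "userAccountControl".
/// </summary>
/// <param name="username">
/// UPN or sAMAccountName of the account. The value is treated as untrusted and is escaped
/// before it is placed in the LDAP filter.
/// </param>
/// <remarks>
/// Failures are written to the console, as in the original snippet; nothing is thrown.
/// A caller that relies on the account really being disabled (off-boarding, incident
/// containment) should verify the attribute afterwards.
/// </remarks>
private static void DisableADUserUsingUserAccountControl(string username)
{
    try
    {
        // Escape the filter metacharacters (RFC 4515) so that a caller-supplied name
        // cannot change the structure of the filter or wildcard-match another account.
        // The backslash is replaced first so the escapes added below are not re-escaped.
        string escapedName = (username ?? string.Empty)
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        // Person/user objects only, excluding sAMAccountType 805306370 (interdomain trust
        // accounts). The filter is built on one line: the original verbatim literal embedded
        // a line break and indentation in the filter text, and wrote the negation without
        // the inner parentheses that the filter grammar requires.
        string searchFilter = string.Format(
            "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
            "(|(userPrincipalName={0})(sAMAccountName={0})))",
            escapedName);

        using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
        using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
        {
            // FindOne returns null when nothing matches. The original tested the searcher
            // instead of the result, so an unknown user ended in a NullReferenceException.
            SearchResult searchResult = searcher.FindOne();
            if (searchResult != null)
            {
                using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
                {
                    int old_UAC = (int)userEntry.Properties["userAccountControl"][0];

                    // AD user account disable flag
                    const int ADS_UF_ACCOUNTDISABLE = 2;

                    // To disable an AD user account, set the disable bit and keep the rest.
                    userEntry.Properties["userAccountControl"][0] = (old_UAC | ADS_UF_ACCOUNTDISABLE);
                    userEntry.CommitChanges();

                    Console.WriteLine("Active Director User Account Disabled successfully through userAccountControl property");
                }
            }
            else
            {
                // Report the miss so it is not mistaken for a successful disable.
                Console.WriteLine("AD User Not Found");
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}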

Enable AD User Account via UserPrincipal using C#

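/// <summary>
/// Enables an Active Directory account through System.DirectoryServices.AccountManagement
/// by setting <c>UserPrincipal.Enabled</c> to true and saving the principal.
/// </summary>
/// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
/// <remarks>
/// Failures are written to the console, as in the original snippet; nothing is thrown.
/// The context is created without explicit credentials, so the bind uses the identity of the
/// running process. In a web application that is the application's service identity rather
/// than the browsing user; give it delegated rights on the relevant OU instead of embedding
/// domain-administrator credentials.
/// </remarks>
private static void EnableADUserUsingUserPrincipal(string username)
{
    try
    {
        // Both objects hold directory connections and are released when the block exits.
        using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
        {
            // FindByIdentity returns null when no principal matches; the original
            // dereferenced the result and reported a NullReferenceException instead.
            // NOTE(review): this overload matches any identity type; passing an explicit
            // IdentityType would remove ambiguity between name formats.
            if (userPrincipal == null)
            {
                Console.WriteLine("AD User Not Found");
                return;
            }

            userPrincipal.Enabled = true;
            userPrincipal.Save();

            Console.WriteLine("Active Director User Account Enabled successfully through UserPrincipal");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}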

Disable AD User Account via UserPrincipal using C#

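/// <summary>
/// Disables an Active Directory account through System.DirectoryServices.AccountManagement
/// by setting <c>UserPrincipal.Enabled</c> to false and saving the principal.
/// </summary>
/// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
/// <remarks>
/// Failures are written to the console, as in the original snippet; nothing is thrown.
/// The context is created without explicit credentials, so the bind uses the identity of the
/// running process, which needs delegated rights to modify the target account.
/// The method name keeps its original spelling so existing callers still compile.
/// </remarks>
private static void DiableADUserUsingUserPrincipal(string username)
{
    try
    {
        // To use these classes, add a reference to System.DirectoryServices.AccountManagement,
        // which is available only from .NET 3.5. (In the original listing this comment had
        // wrapped onto the declaration line, which broke compilation.)
        using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
        {
            // FindByIdentity returns null when no principal matches; the original
            // dereferenced the result and reported a NullReferenceException instead.
            // Report the miss so it is not mistaken for a successful disable.
            if (userPrincipal == null)
            {
                Console.WriteLine("AD User Not Found");
                return;
            }

            userPrincipal.Enabled = false;
            userPrincipal.Save();

            Console.WriteLine("Active Director User Account Disabled successfully through UserPrincipal");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}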
Anderson Oki

You can use PrincipalContext to enable or disable an AD account. To enable the account, you can do something like this:

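 /// <summary>
 /// Enables an Active Directory account by setting <c>UserPrincipal.Enabled</c> to true
 /// and saving the principal.
 /// </summary>
 /// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
 /// <remarks>
 /// Failures are written to the console, as in the original snippet; nothing is thrown.
 /// The context is created without explicit credentials, so the bind uses the identity of
 /// the running process; that identity needs delegated rights to modify the target account.
 /// </remarks>
 private static void EnableADUserUsingUserPrincipal(string username)
 {
     try
     {
         // Both objects hold directory connections and are released when the block exits.
         using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
         using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
         {
             // FindByIdentity returns null when no principal matches; the original
             // dereferenced the result and reported a NullReferenceException instead.
             if (userPrincipal == null)
             {
                 Console.WriteLine("AD User Not Found");
                 return;
             }

             userPrincipal.Enabled = true;
             userPrincipal.Save();
         }
     }
     catch (Exception ex)
     {
         Console.WriteLine(ex.Message);
     }
 }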

To disable the account, just set userPrincipal.Enabled = false instead.

Benjamin
  • this worked, but with this modification `PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, DomainName, DomainAdmin, DomainPassword);` – Jack Oct 28 '16 at 15:19
  • @Jack, there is no need to supply DomainAdmin and DomainPassword. It should work on your machine as long as your computer belongs to the domain and the user is logged in. – Benjamin Oct 29 '16 at 09:27