
I have code today that can grab a single user's AD info. What I am looking for is code that acts like PowerShell's Search-ADAccount -LockedOut.

This is a snippet of what I have but it is not returning all Locked accounts.

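```java
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

// env, ldapUri, usersContainer and adInfo are declared elsewhere in the class.
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUri);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "username@ourdomain.com");
env.put(Context.SECURITY_CREDENTIALS, "password");

try {
    DirContext ctx = new InitialLdapContext(env, null);
    SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Users whose lockoutTime attribute is set to a non-zero value
    String searchFilter = "(&(objectClass=User)(lockoutTime>=1))";
    String searchBase = usersContainer;
    NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
    while (answer.hasMore()) {
        SearchResult result = (SearchResult) answer.next();
        // adInfo is reassigned on every iteration, so only the last entry remains after the loop
        adInfo = result.getAttributes();
    }

    ctx.close();
}
catch (NamingException e) {
    // Any NamingException is silently discarded here
}
```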

I put this

(&(objectClass=User)(lockoutTime>=1)) 

line in there to see if it would just go and find all the locked accounts. I also tried

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1)) 

but no luck.

So... I am at a standstill considering the lack of Java LDAP support, so I turned here to see if anyone has any ideas.

reddragon72
  • Possible duplicate of [Detect if an Active Directory user account is locked using LDAP in Python](https://stackoverflow.com/questions/11795294/detect-if-an-active-directory-user-account-is-locked-using-ldap-in-python) – Am_I_Helpful Feb 02 '18 at 07:56
  • Though the flagged duplicate is a Python question, OP is using the same filter option of LDAP. It'd work for you. – Am_I_Helpful Feb 02 '18 at 07:57
  • What's your error message? – T-Heron Feb 03 '18 at 16:30
  • No error, actually; it is just not returning the same data as PowerShell. I am thinking that this is not doing a search, since it only returns three users, but it returns all their data and, funnily enough, they are not locked. I know I am doing something wrong here, just not sure what, lol. I'll check out the other post in a few. – reddragon72 Feb 04 '18 at 19:07
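
An added example, not part of the original post: one way to build a list of locked-out users from JNDI, using a paged search, collecting every entry instead of keeping only the last one, and checking whether the lockout window is still open. It assumes an already-bound `LdapContext`; the class and method names, the page size of 500 and the `Duration.ZERO` convention are illustrative choices.

```java
import java.time.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
public class LockedAccounts {
    // lockoutTime is a FILETIME: 100-ns ticks since 1601-01-01 UTC; 0 means not locked.
    static final Instant EPOCH_1601 = Instant.parse("1601-01-01T00:00:00Z");
    // lockoutTime can stay non-zero after the lockout window has passed, so the filter
    // alone over-reports. Assumption: Duration.ZERO means "until an administrator unlocks".
    static boolean isLockedNow(long ticks, Duration lockoutDuration, Instant now) {
        if (ticks <= 0) return false;
        if (lockoutDuration.isZero()) return true;
        Instant lockedAt = EPOCH_1601.plusSeconds(ticks / 10_000_000L).plusNanos((ticks % 10_000_000L) * 100);
        return lockedAt.plus(lockoutDuration).isAfter(now);
    }
    // Paged subtree search: every match is read, not only the first server page.
    static List<String> findLocked(LdapContext ctx, String base, Duration dur) throws Exception {
        List<String> locked = new ArrayList<>();
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"sAMAccountName", "lockoutTime"});
        byte[] cookie = null;
        do {
            ctx.setRequestControls(new Control[] {new PagedResultsControl(500, cookie, Control.CRITICAL)});
            NamingEnumeration<SearchResult> res = ctx.search(base,
                "(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))", sc);
            while (res.hasMore()) {   // each user is appended, not overwritten
                Attributes a = res.next().getAttributes();
                long t = Long.parseLong((String) a.get("lockoutTime").get());
                if (isLockedNow(t, dur, Instant.now()))
                    locked.add((String) a.get("sAMAccountName").get());
            }
            cookie = null;            // the server's response control says whether more pages exist
            Control[] rc = ctx.getResponseControls();
            if (rc != null) for (Control c : rc)
                if (c instanceof PagedResultsResponseControl)
                    cookie = ((PagedResultsResponseControl) c).getCookie();
        } while (cookie != null);
        return locked;
    }
    public static void main(String[] args) {
        // Constructed sample: a lockoutTime stamped 45 minutes before "now".
        Instant now = Instant.now();
        long ticks = Duration.between(EPOCH_1601, now.minusSeconds(2700)).getSeconds() * 10_000_000L;
        System.out.println(isLockedNow(ticks, Duration.ofMinutes(30), now)); // 30-minute policy
        System.out.println(isLockedNow(ticks, Duration.ofMinutes(60), now)); // 60-minute policy
    }
}
```

`main` exercises only the offline time check; `findLocked` needs a live directory connection and the domain's actual lockout duration.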

0 Answers