fritz1968 has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I am looking for some sample code that will allow me to disable (and enable) a Active Directory user account. I have not been able to find anything (in Perl) that is helpful.

Any help/suggestions/links/etc... would be much appreciated.

thanks, Frank

Replies are listed 'Best First'.
Re: Disable an AD Account via LDAP
by NetWallah (Canon) on Oct 08, 2012 at 15:34 UTC
    The LDAP attribute you need to use is: 
    useraccountcontrol:1.2.840.113556.1.4.803

    [download]
    I do not have actual code to SET/RESET that, but you can start with: this StackOverflow article.

                 I hope life isn't a big joke, because I don't get it.
                       -SNL

[reply]
[d/l]
Re: Disable an AD Account via LDAP
by netsecgeek (Initiate) on Apr 12, 2013 at 19:44 UTC
    Per http://support.microsoft.com/kb/305144, the UAC code for a Normal_Account is 512. Make it 514 to disable the account. 
    my $ldap = Net::LDAP->new($host) or die "$@";
my $bind = $ldap->bind($bind_dn, password => $bind_pw);
my $result = $ldap->modify($user_dn, replace => { userAccountControl =
+> '512' });
$ldap->unbind();

    [download]
[reply]
[d/l]

Back to Seekers of Perl Wisdom