1

Topic: Active Directory -improved checking for disabled accounts

The tutorial for active directory integration works very well. I have it working with Windows Server 2008 R2.
I would recommend the following change to accurately check for disabled users:

Replace (!(userAccountControl=514))
with (!(userAccountControl:1.2.840.113556.1.4.803:=2))

This will work if the user has additional attributes like password expired or never changes.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Active Directory -improved checking for disabled accounts

Updated:
http://www.iredmail.org/wiki/index.php? … y.iRedMail

Thanks very much for your tip. smile