useraccountcontrol LDAP

Go to solution
Melker
Kilo Expert

‎01-27-2021 07:00 AM

Hi I'm trying to figure out how get the value from ldap import and userAccountControl attribute

I need to get the value for disabled.
ACCOUNTDISABLE     0x0002     2

Lockout
LOCKOUT     0x0010     16

Password can't change
PASSWD_CANT_CHANGE     0x0040     64

Password never expires
DONT_EXPIRE_PASSWORD     0x10000     65536

Smartcard
SMARTCARD_REQUIRED     0x40000     262144

and
password expired
PASSWORD_EXPIRED     0x800000     8388608
and all combinations of this values

Have create new true/false fields in the user table and want to populate it from LDAP import.

I have looked at some articles but they only refers to disabled account.
How can i extract different values i diffrent LDAP transforms script
Use the HEX value?

I'm new to SN scripting.

Labels:
0 Helpfuls
  • 6,483 Views
1 ACCEPTED SOLUTION

Go to solution
Melker
Kilo Expert
In response to John Goldstein

‎02-01-2021 12:31 AM

Thanks.
I missed that one. 🙂
I have now solved this 

 

Created one for each value I want to get.
This is for Password expired.

find_real_file.png
This is for password never expires.
if (ctrl.substr(-5,1) == "1")

Thank all for the help to point me in the right direction

 

 

 

View solution in original post

Preview file
89 KB
0 Helpfuls
6 REPLIES 6

Go to solution
John Goldstein
Tera Contributor

‎01-29-2021 12:46 PM

In the onBefore script for LDAP example there is a script like this one:

//Deactivate LDAP-disabled users during transform based on 'userAccountControl' attribute.
//This transform script is inactive by default
//
//NOTE: User records must be visible based on the OU filter in order to be disabled

//Convert the userAccountControl attribute to a hex value
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);

//The relevant digit is the final one
//A final hex digit value of '2' in 'ctrl' means disabled
if (ctrl.substr(-1) == "2") {
   target.active = false;
   target.locked_out = true;
   if (action == 'insert')
      ignore = true;
} 
else {
   //Optional: Reactivate and unlock the user account
   target.locked_out = ctrl.substr(-2, 1) == "1";
}

The above script will convert the source variable u_useraccountcontrol to a hex value and then you can test the last few digits for the value you wish to trigger a behavior.

Go to solution
Melker
Kilo Expert
In response to John Goldstein

‎02-01-2021 12:31 AM

Thanks.
I missed that one. 🙂
I have now solved this 

 

Created one for each value I want to get.
This is for Password expired.

find_real_file.png
This is for password never expires.
if (ctrl.substr(-5,1) == "1")

Thank all for the help to point me in the right direction

 

 

 

Preview file
89 KB
0 Helpfuls