Re: Update Lockout user attribute Programmatically
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Dec 2006 15:38:21 -0600
You can't programmatically lock a user in any other way than by generating
the required failed number of authentications that your policy specifies.
lockoutTime can only be set to 0 by users and
msds-user-account-control-computed is a read-only, computed attribute.
You can programmatically disable users by changing userAccountControl.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Ryan Sanders" <RyanLSanders@xxxxxxxxxxxxxxxxx> wrote in message
news:_ijgh.24353$B42.18458@xxxxxxxxxxxxxxx
Because that is what the boss said, you know how that goes. Also there
are nearly 500 use case setup one of these calls for the program to lock
the account, many other call for disable account. I am not the BA, this
is what they told me needs to occur.
I believe that the site returns a different message to the end user and
thus different corrective action based on status locked or disabled.
So can this be done? Flip a flag or change an attribute value to lock the
accounts.
Thanks.
Jorge de Almeida Pinto [MVP - DS] wrote:
why do you want to lock and not disable? what is the purpose?
.
- References:
- Update Lockout user attribute Programmatically
- From: Ryan Sanders
- Re: Update Lockout user attribute Programmatically
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Update Lockout user attribute Programmatically
- From: Ryan Sanders
- Update Lockout user attribute Programmatically
- Prev by Date: Re: AD Sites and Services Question
- Next by Date: Re: Forest level is 2000, domain level is 2003
- Previous by thread: Re: Update Lockout user attribute Programmatically
- Next by thread: Re: Update Lockout user attribute Programmatically
- Index(es):
Relevant Pages
|
