How to determine if user account is enabled or disabled

this code here should work...

private bool IsActive(DirectoryEntry de)
{
  if (de.NativeGuid == null) return false;

  int flags = (int)de.Properties["userAccountControl"].Value;

  return !Convert.ToBoolean(flags & 0x0002);
}

Not that anyone asked, but here's a java version (since I ended up here looking for one). Null checking is left as an exercise for the reader.

private Boolean isActive(SearchResult searchResult) {
    Attribute userAccountControlAttr = searchResult.getAttributes().get("UserAccountControl");
    Integer userAccountControlInt = new Integer((String) userAccoutControlAttr.get());
    Boolean disabled = BooleanUtils.toBooleanObject(userAccountControlInt & 0x0002);
    return !disabled;
}

Using System.DirectoryServices.AccountManagement: domainName and username must be the string values of the domain and username.

using (var domainContext = new PrincipalContext(ContextType.Domain, domainName))
{
    using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, username)) 
    {
        if (foundUser.Enabled.HasValue) 
        {
            return (bool)foundUser.Enabled;
        }
        else
        {
            return true; //or false depending what result you want in the case of Enabled being NULL
        }
    }
}

How to determine if user account is enabled or disabled

Tags:

C#

Active Directory

Attributes

Directoryservices

Related

Recent Posts