如何在C ++中的活动目录中查找Windows禁用和锁定帐户 [英] How to find windows disabled and locked accounts in active directory in C++

问题描述

我正在研究一个C ++项目，想找到一种在Active Directory中查找禁用/锁定帐户的方法.我发现下面的C ++API，但不确定它们是否可以解决我的目的还是其他一些API-

I am working on a C++ project and wanted to find a way to find disabled/locked accounts in the Active Directory. I have found below C++ APIs but not sure whether they would solve my purpose or is their some other APIs--

https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netuserenum

https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netusergetinfo

此外，由于我无法控制的原因，我只能使用C ++，而不能使用其他诸如Powershell脚本之类的东西

Also, for reasons outside my control, I have to use C++ only and not other things like powershell script etc

推荐答案

此处提供了有关如何执行此操作的C ++示例:

There are C++ examples of how to do this here: Searching with the IDirectorySearch Interface

当您转到调用 ExecuteSearch 的步骤时，要使用的LDAP查询将是:

When you get to the step where you call ExecuteSearch, the LDAP query you want to use would be:

(&(objectCategory=person)(objectClass=user)(|(userAccountControl:1.2.840.113556.1.4.803:=2)(lockoutTime>=1)))

该查询仅查找具有以下任一条件的用户帐户:

That query looks for only user accounts where either:

• userAccountControl 属性已设置，表示已禁用(该奇怪的数字是 LDAP_MATCHING_RULE_BIT_AND 运算符，如 lockoutTime 属性为1或更多，表示它已被锁定.

• The second bit of the userAccountControl attribute is set, meaning it's disabled, (that weird number is the LDAP_MATCHING_RULE_BIT_AND operator as described here, which is just a bitwise AND), or
• The lockoutTime attribute is 1 or more, meaning it's locked.

这篇关于如何在C ++中的活动目录中查找Windows禁用和锁定帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！