Discussion:
How to enable disabled accounts in AD?
(too old to reply)
Andrija
2011-11-21 10:59:22 UTC
Permalink
This may sound as a not very bright question, but at the moment I am
not managing to enable disabled accounts in AD programatically.
Is there a straight forward way to enable disabled user accounts in AD
using userAccountControl attribute? Setting the value (from 514 to
512) after a password has been supplied, reports a not allowed action
in AD
[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A11E5, problem 5003
(WILL_NOT_PERFORM), data 0

Thanks
Eddie Hartman
2011-11-22 08:56:56 UTC
Permalink
Post by Andrija
This may sound as a not very bright question, but at the moment I am
not managing to enable disabled accounts in AD programatically.
Is there a straight forward way to enable disabled user accounts in AD
using userAccountControl attribute? Setting the value (from 514 to
512) after a password has been supplied, reports a not allowed action
in AD
[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A11E5, problem 5003
(WILL_NOT_PERFORM), data 0
Thanks
I believe that some actions (like setting a user password) require an
SSL connection to AD.

Hopefully someone out there in the community can keep me honest
here...

-Eddie
Raghavendra T A
2011-11-29 05:43:45 UTC
Permalink
Post by Eddie Hartman
Post by Andrija
This may sound as a not very bright question, but at the moment I am
not managing to enable disabled accounts in AD programatically.
Is there a straight forward way to enable disabled user accounts in AD
using userAccountControl attribute? Setting the value (from 514 to
512) after a password has been supplied, reports a not allowed action
in AD
[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A11E5, problem 5003
(WILL_NOT_PERFORM), data 0
Thanks
I believe that some actions (like setting a user password) require an
SSL connection to AD.
Hopefully someone out there in the community can keep me honest
here...
-Eddie
Hi,
I tried to create dummy user in my Active Directory & made him as a
member of Administrator group. (Just to ensure he can able to do
remote desktop). After that I disable his account from Active
Directory. Now from TDI using LDAP Connector in update mode, i set
userAccountControl attribute value to 512. After doing this, I was
able to successfully login back to my machine with the dummy user
account. Hope this helps.

:- Raghu
Andrija
2011-11-29 11:06:38 UTC
Permalink
Post by Raghavendra T A
Post by Eddie Hartman
Post by Andrija
This may sound as a not very bright question, but at the moment I am
not managing to enable disabled accounts in AD programatically.
Is there a straight forward way to enable disabled user accounts in AD
using userAccountControl attribute? Setting the value (from 514 to
512) after a password has been supplied, reports a not allowed action
in AD
[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A11E5, problem 5003
(WILL_NOT_PERFORM), data 0
Thanks
I believe that some actions (like setting a user password) require an
SSL connection to AD.
Hopefully someone out there in the community can keep me honest
here...
-Eddie
Hi,
I tried to create dummy user in my Active Directory & made him as a
member of Administrator group. (Just to ensure he can able to do
remote desktop). After that I disable his account from Active
Directory. Now from TDI using LDAP Connector in update mode, i set
userAccountControl attribute value to 512. After doing this, I was
able to successfully login back to my machine with the dummy user
account. Hope this helps.
:- Raghu
Yes it helps. It is a simple test i performed myself. The problem is
when you try to change the status for a user which was 514 (disabled),
and you still do not have userPassword for him.
If there is no SSL in the target AD, writing to the attribute
userPassword has only a descriptive purpose. The security on AD has to
be raised in order to enable password updates and only after that, the
status can be changed

Continue reading on narkive:
Loading...