如何知道用戶在Active Directory中處於活動狀態還是非活動狀態

Question

我已連接到Active Directory，以便驗證用戶名，但是如何知道用戶在AD中處於活動狀態還是非活動狀態？

示例代碼：

  private Properties properties; 
      private DirContext dirContext; 
      private SearchControls searchCtls; 
      private String[] returnAttributes = { "sAMAccountName", "givenName", "cn", "mail"}; 
      private String domainBase; 
      private String baseFilter = "(&((&(objectCategory=Person)(objectClass=User)))"; 
    public ActiveDirectory(String username, String password, String domainController,String url) { 
      properties = new Properties();   

      properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); 
      properties.put(Context.PROVIDER_URL, url); 
      properties.put(Context.SECURITY_AUTHENTICATION,"simple"); 
      properties.put(Context.SECURITY_PRINCIPAL,username+"@"+domainController); 
      properties.put(Context.SECURITY_CREDENTIALS, password); 

      //initializing active directory LDAP connection 
      try { 

       dirContext = new InitialDirContext(properties); 
       System.out.println("dirContext: "+dirContext); 
      } catch (NamingException e) { 
       e.printStackTrace(); 
       log.severe(e.getMessage()); 
      } catch (Exception e) { 
       e.printStackTrace(); 
      } 
       domainBase = getDomainBase(domainController); 

      //initializing search controls 
      searchCtls = new SearchControls(); 
      searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); 
      searchCtls.setReturningAttributes(returnAttributes); 

     } 



    public NamingEnumeration<SearchResult> searchUser(String searchValue, String searchBy, String searchBase) throws NamingException { 
       System.out.println("search value :: "+searchValue); 
       System.out.println("search base111 :: "+ ((null == searchBase) ? domainBase : getDomainBase(searchBase))); 
       String filter = getFilter(searchValue, searchBy);  
       String base = (null == searchBase) ? domainBase : getDomainBase(searchBase); // for eg.: "DC=myjeeva,DC=com"; 
       System.out.println("this.dirContext : "+this.dirContext); 



       return this.dirContext.search(base, filter, this.searchCtls); 
      } 
     private String getFilter(String searchValue, String searchBy) { 
      String filter = this.baseFilter;   
      if(searchBy.equals("email")) { 
       filter += "(mail=" + searchValue + "))"; 
      } else if(searchBy.equals("username")) { 
       filter += "(samaccountname=" + searchValue + "))"; 
      } 
      System.out.println("filter : "+filter); 
      return filter; 
     } 

我一直在使用這個this.dirContext.search(base, filter, this.searchCtls);

我怎麼能知道用戶是活躍或不活躍做搜索？

我發現谷歌得到active用戶(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))和deactive用戶(useraccountcontrol:1.2.840.113556.1.4.803:=2)如何在JAVA代碼中實現這兩個。

Answer 1

謝謝你，你的提示工作，我設法讀取活躍和不活躍的用戶。

我成功地從Active Directory讀取的活躍用戶使用此過濾器：

(&(objectClass=user)(objectCategory=person)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))) 

而與此過濾器的所有活動的用戶：

(&(objectClass=user)(objectCategory=person)(useraccountcontrol:1.2.840.113556.1.4.803:=2))