Overview#
The account is disabled typically by setting a value on the entry.When we refer to Administratively Disabled, this typically implies explicit permanently disabled entries. An Administratively Disabled entry can typically only be enabled by changing the Administratively Disabled attribute value.
This is NOT Locked By Intruder or any other form of lock out that might be activated by activities performed by the entry.
EDirectory loginDisabled#
EDirectory uses loginDisabled to indicate Administratively DisabledOracle orclisenabled#
How Oracle's OID uses orclisenabled to indicate Administratively DisabledActive Directory Locked Accounts#
Microsoft Active Directory uses the ACCOUNTDISABLE bit of the User-Account-Control Attribute to indicate Administratively Disableddraft-behera-ldap-password-policy#
LDAP Server Implementations that use draft-behera-ldap-password-policy use the pwdAccountLockedTime to indicate Administratively DisabledMore Information#
There might be more information for this subject on one of the following:- ACCOUNTDISABLE
- Active Directory Account Lockout
- Active Directory Computer Related LDAP Query
- Active Directory User Related Searches
- Authentication Failures
- Common Active Directory Bind Errors
- Common Edirectory Bind Errors
- Draft-behera-ldap-password-policy
- DxPwdLocked
- Intruder Detection
- LOCKOUT
- Lockouttime
- NMAS Result Codes
- PwdAccountLockedTime
- Relative IDentifier
- Remote Authentication Dial-In User Service
- SCIM Password Management Extension
- XDAS for eDirectory
