This is version 1 2 . It is not the current version, and thus it cannot be edited.

Back to current versionRestore this version

Overview#

The account is disabled typically by setting a value on the entry.

When we refer to Administratively Disabled, this typically implies explicit permanently disabled entries. An Administratively Disabled entry can typically only be enabled by changing the Administratively Disabled Attribute Value.

This is NOT Locked By Intruder or any other form of lock out that might be activated by activities performed by the entry.

EDirectory loginDisabled#

EDirectory uses loginDisabled to indicate Administratively Disabled

Oracle orclisenabled#

How Oracle's OID uses orclisenabled to indicate Administratively Disabled

Active Directory Account Lockout#

Microsoft Active Directory uses the ACCOUNTDISABLE bit of the User-Account-Control Attribute to indicate Administratively Disabled

draft-behera-ldap-password-policy#

LDAP Server Implementations that use draft-behera-ldap-password-policy use the pwdAccountLockedTime to indicate Administratively Disabled

More Information#

There might be more information for this subject on one of the following:

• ACCOUNTDISABLE
• Active Directory Account Lockout
• Active Directory Computer Related LDAP Query
• Active Directory Locked Accounts
• Active Directory User Related Searches
• Authentication Failures
• Common Active Directory Bind Errors
• Common Edirectory Bind Errors
• Draft-behera-ldap-password-policy
• DxPwdLocked
• Event 4625
• Intruder Detection
• LOCKOUT
• Lockouttime
• NMAS Result Codes
• PwdAccountLockedTime
• Relative IDentifier
• Remote Authentication Dial-In User Service
• SCIM Password Management Extension
• XDAS for eDirectory