csababarta / ntdsxtract

Active Directory forensic framework
http://www.ntdsxtract.com
GNU General Public License v3.0
315 stars 108 forks

Fix Active Object Logic #14

Closed brandoncasaba closed 7 years ago

brandoncasaba commented 9 years ago

isActive starts as True; the previous logic will never flip that to False.

csababarta commented 9 years ago

Thanks for reporting the issue. I simply set the flag to False by default.

brandoncasaba commented 9 years ago

Are there any objects where self.UserAccountControl == -1?

If there are, that logic will force them to always be isActive = false.

csababarta commented 9 years ago

There shouldn't be any, as this is a binary flag. It is included there in order to check if the value was successfully read. If it's a user account it should have a valid positive UAC flag.

On Fri, Jun 26, 2015 at 9:33 PM, Brandon Chalk notifications@github.com wrote:

Are there any objects where self.UserAccountControl == -1?

If there are, that logic will force them to always be isActive = false


brandoncasaba commented 9 years ago

I'm getting a few user objects in a couple of domains that have a SID showing as S--1--1-0 that are coming up with a -1 there, but I think they might be foreign security principal (FSP) objects showing up, in which case they should not be active anyway. Otherwise it looks good; it doesn't seem to affect the dsgroups or dscomputers tools.

Do you get any similar flags on the computer objects? For instance, to tell if a computer is active I've typically filtered on the When changed date for objects that were changed in the last month. Is anything better available?
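The two versions of the active-account check discussed in this thread, as an added example that is not ntdsxtract's own code. The exact shape of the original condition is assumed from the description above (a flag that starts True and is only ever re-assigned True); the names `is_active_buggy`, `is_active_fixed`, `classify` and the sample records are constructed for illustration. The `ACCOUNTDISABLE` bit value is the documented userAccountControl flag.

```python
# Added example, not code from the ntdsxtract project.
# Shows why a flag initialised to True can never be flipped to False,
# and how defaulting it to False (the fix in this PR) changes the result.

# userAccountControl bit that marks a disabled account (0x0002).
ACCOUNTDISABLE = 0x0002
# NORMAL_ACCOUNT bit (0x0200); used only to build sample values below.
NORMAL_ACCOUNT = 0x0200
# Sentinel the parser stores when the attribute could not be read.
UAC_UNREAD = -1


def is_active_buggy(uac):
    """Assumed shape of the original logic: starts True, only re-assigns True."""
    is_active = True
    if uac != UAC_UNREAD and not (uac & ACCOUNTDISABLE):
        is_active = True  # the only assignment; the flag never becomes False
    return is_active


def is_active_fixed(uac):
    """Fixed logic: default False, True only when the UAC was read and the
    disable bit is clear. An unread UAC (-1) therefore reports inactive,
    which is the behaviour the thread discusses for FSP-like objects."""
    is_active = False
    if uac != UAC_UNREAD and not (uac & ACCOUNTDISABLE):
        is_active = True
    return is_active


# Constructed sample records (name, userAccountControl); not real directory data.
SAMPLE_RECORDS = [
    ("alice", NORMAL_ACCOUNT),                   # enabled user
    ("bob", NORMAL_ACCOUNT | ACCOUNTDISABLE),    # disabled user
    ("fsp-like-object", UAC_UNREAD),             # attribute not readable
]


def classify(records, check):
    """Map each record name to the result of the given active-check."""
    return {name: check(uac) for name, uac in records}


if __name__ == "__main__":
    print("buggy:", classify(SAMPLE_RECORDS, is_active_buggy))
    print("fixed:", classify(SAMPLE_RECORDS, is_active_fixed))
```

With the original logic every record, including the disabled and unreadable ones, comes back active; with the fix only the enabled user does.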