Closed brandoncasaba closed 7 years ago
Thanks for reporting the issue. I simply set the flag to False by default.
Are there any objects where self.UserAccountControl == -1?
If there are, that logic will force them to always be isActive = false
There shouldn't be any as this is binary flag. It is included there in order to check if the value was successfully read. If it's a user account it should have a valid positive UAC flag.
On Fri, Jun 26, 2015 at 9:33 PM, Brandon Chalk notifications@github.com wrote:
Are there any objects where self.UserAccountControl == -1?
If there are, that logic will force them to always be isActive = false
— Reply to this email directly or view it on GitHub https://github.com/csababarta/ntdsxtract/pull/14#issuecomment-115848172.
I'm getting a few user objects in a couple domains that have a sid showing as S--1--1-0 that are coming up with a -1 there, but I think they might be foreign security principal (FSP) objects showing up in which they should not be active anyway. Otherwise looks good, doesn't seem to affect the dsgroups or dscomputers tools.
Do you get any similar flags on the computer objects? For instance to tell if a computer is active I've typically filtered on the When changed date for objects that were changed in the last month. Is anything better available?
isActive starts as True, the previous logic will never flip that to False.