Monday, June 25, 2007

Active Directory Accountlock Vs Disabled

When an account is locked in AD "lockoutTime" attribute is set to the time when the account was locked.
If account was never locked then the user record will not have "lockoutTime" attribute.

If account is disabled then useraccountcontrol will be set to 514 or 546

