How To

Enabling and Disabling Active Directory User Accounts

To Enable or Disable a User Account in Active Directory you need to set the ACCOUNTDISABLE Flag in the UserAccountControl attribute.

We have built this into the DS-UAC-Disabled column so that Data Sync handles all the complexity for you and all you need to do it return a Boolean value as to whether the account is enabled or disabled.

Returning True will disable the account and returning False will enable the user account.

The video below shows the process you need to follow to enable or disable Active Directory user accounts using Data Synchronisation Studio by updating the user account control attribute.

Connect to your Source and Target (Active Directory)

To get started you need to connect to your source data which contains a boolean column stating if the user account should be disabled or enabled. Returning True will disable the account and returning False will enable the user account.

Your data might look similar to:

Sample Data

Then you need to connect to your Active Directory as your target. Full details on how to connect to Active directory can be seen here.

Configure your Schema

You now need to add your enabled/disabled column to the schema map and map this to the DS-UAC-Disabled column in the target.

Schema Mapping

Compare and Synchronise

To run the compare to view the changes click the Compare A > B button in the toolbar. You can now view the changes that will be applied to ensure that they are correct. Click onto the blue diamond to view any update actions or the green plus for any additions. Deletes are disabled by default but will still show in the comparison results.

As this can have serious consequences we highly recommend you test this on a few select accounts before updating your whole Active Directory as you do not want to disable all user accounts by accident!

If you want to run a test on one account rather than the whole dataset then deselect the check-boxes using the clear all button and then check the check-box against the record/s you want to add.

Once you are happy with the changes click the Synchronise button to start the sync.

Sync Button

You can now either go into active directory and check that the updated accounts have the right status or you can preview the target data set and look at the disabled column values. Your Active Directory user accounts should now be disabled or enabled based upon your data.