Future Date enabling of an Active Directory User Account RRS feed

  • Question

  • We currently have a website where agents can create new users. Our program makes a call to AD to create the user account. On certain accounts, we need them disabled on creation and later enabled automatically on the effective date provided. I know right now in AD there is only an account expire date. Is there any way to have an account either created or enabled at a later date?

    Thursday, May 28, 2009 4:42 PM


  • Enabling and disabling a user is simply a matter of flipping a bit in the userAccountControl attribute. AD has no native mechanisms to perform the kinds of delayed actions that you are describing - your provisioning application will need to handle the logic of "On X date, modify the userAccountControl attribute of the following account(s) to the following value(s)."
    Laura Hunter - Directory Services MVP Identity Architect - Oxford Computer Group (http://www.oxfordcomputergroup.com)
    • Marked as answer by Joson Zhou Tuesday, June 9, 2009 3:01 AM
    Thursday, May 28, 2009 5:05 PM