Pulling only active users from ADS and trusts.
Does anyone know an easy way to pull only active users from a Windows domain controller?
2 domain controllers.
The main is 2003 with ADS etc.
The second domain is an old NT domain at another location.
Due to firewalls and routing I can only query the 2k3 box, it in turn will show all users (including disabled) on the NT domain via the trust.
For various reason LDAP is not an option for me.
Essentially I need a way to pull only the enabled/active users from the DC's.
'wbinfo -u' in this case shows all users-including disabled accounts.
And no, I have no idea why the standing policy is to disable the accounts instead of removing them outright.
I am setting up a jabber server and a couple other services that pull active accounts to the DB and will rip when the account is shut off. I am forced to use postgres for auth instead of LDAP due to the afore mentioned restrictions placed on me.
Anyone have any suggestions?