Another Way to Manage AD's "Account is Disabled" Attribute

Novell Cool Solutions: Trench
By Glen Knutti

Digg This - Slashdot This Posted: 24 May 2004

In a related article, "Account is Disabled" Attribute, we (and a few of our friends) dealt with ways to modify this Active Directory attribute via Nsure Identity Manager. Here's another take on that process:

Problem

Posted tip '"Account is Disabled" Attribute' can be optimized.

Solution

Put this stylesheet in the Output Transform.

<?xml version="1.0" encoding="UTF-8"?.>
<xsl:stylesheet version="1.0" 
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:strip-space elements="*"/>
    <xsl:output indent="yes" method="xml"/>
    <xsl:template match="@*|node()">
        <xsl:copy>
            <xsl:apply-templates select="node()|@*"/>
          </xsl:copy>
     </xsl:template>
    <xsl:template match="modify/modify-attr[@attr-name='userAccountControl']/remove-value"/>
</xsl:stylesheet>

Reader Comments

• Nico to see, but what is the advantage of this stylesheet? Cannot see any usefull thing on this. Rgs. Uwe
• I guess this is related to DirXML 1.1a. Actually, the AD driver v3.0 handles the Account Disable in a different way now. It uses alias attribute in order to sync the specific valeur of the userAccountControl set in AD. The AD driver manual of NSure Identity Manager 2.0 explains it well. I've just migated an AD driver from 2.x DirXML 1.1a to v3.0 NSure Identity Manager 2.0. The alias attribute works well.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com