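<!-- Written by Luke Powers, luke@lpsystems.net -->
<html>
<head><title>AD Lock Check</title></head>
<body>
<h1>AD Lockout Status</h1>
<?php
// Self-service lockout check: takes a username from the form below, asks each listed
// Active Directory server whether that account is currently locked out, and prints
// the result.
//
// Review notes for whoever deploys this page:
//  - The bind credentials ($ldaprdn / $ldappass) are hard-coded in page source. Move
//    them to a config file outside the web root (or the environment) and use a
//    read-only service account that can only read the attributes queried here.
//  - ldap_connect('hostname') uses plain LDAP on port 389, so the bind password is
//    sent in cleartext. Prefer 'ldaps://hostname' entries in $adservers, or call
//    ldap_start_tls() before ldap_bind(). Recent AD hardening (LDAP signing /
//    channel binding) may reject a simple bind over plain LDAP anyway.
//  - The page is unauthenticated and reveals whether a username exists and when it
//    was locked out, which is a user-enumeration aid. Restrict it to the internal
//    network or an authenticated area if that matters in your environment.

// Prevent page caching so a stale lockout status is never served.
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: Sat, 1 Jan 2000 00:00:00 GMT");

// HTML-escape a value before echoing it into the page body. $account is already
// alphanumeric-only, but $accname and the server names come from LDAP/config and
// are escaped on principle.
$h = function ($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
};

if (isset($_POST['username'])) {
    // Only alphanumeric characters are accepted (the form says so); that whitelist is
    // what keeps the value safe inside an LDAP filter. ldap_escape() is applied as
    // defence-in-depth so the filter stays safe if the whitelist is ever relaxed.
    $account = preg_replace("/[^a-zA-Z0-9]+/", "", trim($_POST["username"]));
    $filterAccount = ldap_escape($account, '', LDAP_ESCAPE_FILTER);
    $lockedout = 0;

    $adservers = array('adserver1.domain.local', 'adserver2.domain.local');
    $ldaprdn = 'domain' . "\\" . 'username'; // ldap rdn or dn of the lookup service account
    $ldappass = 'password';                   // associated password -- see note at top
    $searchdomain = "dc=domain,dc=local";

    // msDS-User-Account-Control-Computed is a bitmask; UF_LOCKOUT (0x0010) is the
    // "currently locked out" bit. The original compared the whole value to "16",
    // which misses accounts that also have other bits set (e.g. password expired).
    $UF_LOCKOUT = 16;
    // Seconds between the Windows FILETIME epoch (1601-01-01 UTC) and the Unix epoch.
    // (The original used 11644477200, one hour too many; date() already applies the
    // configured default timezone, so no manual offset belongs here.)
    $FILETIME_EPOCH_DIFF = 11644473600;

    if ($account === "") {
        // Nothing left after stripping non-alphanumerics; an empty sAMAccountName
        // filter is never useful, so do not query the servers at all.
        echo "<span style=\"color:red;\">Please enter a username (alphanumeric characters only).</span><br>";
    }

    foreach ($adservers as $adserver) {
        if ($account === "") {
            break;
        }

        // Note: ldap_connect() only validates the URI; the TCP connection is actually
        // made on bind, so a bad hostname usually surfaces as a bind failure below.
        $ldapconn = ldap_connect($adserver);
        if ($ldapconn === false) {
            // Report and carry on with the next server instead of die()-ing mid-page.
            echo "<span style=\"color:red;\">Failed to connect to " . $h($adserver) . "</span><br>";
            continue;
        }
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

        // Bind with the lookup service account.
        $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
        if (!$ldapbind) {
            echo "LDAP bind failed... Something went horribly wrong. Contact admin@domain.local for assistance.";
            ldap_unbind($ldapconn);
            continue;
        }

        // First confirm the user exists at all, so "not found" and "not locked out"
        // can be reported differently. ldap_search() returns false on failure, which
        // must not be handed to ldap_get_entries().
        $ver_ldapfilter = "(&(objectClass=user)(sAMAccountName=" . $filterAccount . "))";
        $ver_searchresult = ldap_search($ldapconn, $searchdomain, $ver_ldapfilter, array('samaccountname'));
        $ver_info = ($ver_searchresult !== false) ? ldap_get_entries($ldapconn, $ver_searchresult) : false;
        if ($ver_info === false || $ver_info["count"] < 1) {
            echo "<span style=\"color:red;\">User " . $h($account) . " was not found on " . $h($adserver) . "</span><br>";
            ldap_unbind($ldapconn);
            continue;
        }

        // Only entries that have ever been locked carry a non-zero lockoutTime.
        $ldapfilter = "(&(objectClass=user)(sAMAccountName=" . $filterAccount . ")(lockoutTime>=1))";
        $attributes = array('lockouttime', 'samaccountname', 'msds-user-account-control-computed', 'givenname');
        $searchresult = ldap_search($ldapconn, $searchdomain, $ldapfilter, $attributes);
        $info = ($searchresult !== false) ? ldap_get_entries($ldapconn, $searchresult) : false;
        if ($info === false || $info["count"] < 1) {
            echo $h($account) . " is not locked out on AD server " . $h($adserver) . "<br>";
            ldap_unbind($ldapconn);
            continue;
        }

        for ($i = 0; $i < $info["count"]; $i++) {
            $accname = isset($info[$i]["samaccountname"][0]) ? $info[$i]["samaccountname"][0] : "";
            $uacComputed = isset($info[$i]["msds-user-account-control-computed"][0])
                ? (int) $info[$i]["msds-user-account-control-computed"][0]
                : 0;

            // lockoutTime alone is not enough: it keeps its value after the lockout
            // window expires, so the live computed UF_LOCKOUT bit decides.
            if ($accname !== "" && ($uacComputed & $UF_LOCKOUT) === $UF_LOCKOUT) {
                $lockedout = 1;
                // lockoutTime is a Windows FILETIME: 100-ns intervals since 1601-01-01 UTC.
                $lockoutRaw = isset($info[$i]["lockouttime"][0]) ? $info[$i]["lockouttime"][0] : 0;
                $ctime = (int) ($lockoutRaw / 10000000) - $FILETIME_EPOCH_DIFF;
                $date = date("h:i:sa T m-d-Y", $ctime); // rendered in the server's default timezone
                echo "account " . $h($accname) . " was locked out at " . $h($date)
                    . " on AD server " . $h($adserver) . ".<br />";
            } else {
                echo $h($account) . " is not locked out on AD server " . $h($adserver) . "<br>";
            }
        }

        // The original called ldap_unbind() once, outside the loop, with the bind
        // result (a bool) instead of the connection; release each connection here.
        ldap_unbind($ldapconn);
    }

    if ($lockedout == 1) {
        echo "<br> Please contact admin@domain.local to unlock your account.<br>";
    } else {
        echo "<br>";
    }
    echo "<FORM><INPUT TYPE=\"button\" onClick=\"history.back()\" VALUE=\"Search again\"></FORM>";
} else {
?>
<form action="#" method="POST">
    <label for="username">Username: </label>
    <input id="username" type="text" name="username" placeholder="Domain Username" />
    <input type="submit" name="submit" value="Submit" />
</form>
<h5>Note: Only alphanumeric text is accepted.</h5>
<?php
}
?>
</body>
</html>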