It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

United States – English (GMT-8)

Total Email Protection

Essentials

Sentinel

Cloud-to-Cloud Backup

Cloud Archiving Service

PhishLine

Email Security Gateway

ArchiveOne

PST Enterprise

Forensics & Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen WAN

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Content Shield

Firewall Policy Manager

Backup

Server Backup

RMM (Formerly Managed Workplace)

Managed PhishLine

ECHOplatform

Intronis Backup

MSP Knowledgebase

Link Balancer

NextGen Firewall X

Load Balancer

SSL VPN

Phone System

Cloud Control

Control Server

Reference / FAQ

TechSummit 2019

Network Security

Barracuda Email Security Gateway

Overview Documentation Training Certification Materials

Total Email Protection

Essentials

Sentinel

Cloud-to-Cloud Backup

Cloud Archiving Service

PhishLine

Email Security Gateway

ArchiveOne

PST Enterprise

Forensics & Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen WAN

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Content Shield

Firewall Policy Manager

Backup

Server Backup

RMM (Formerly Managed Workplace)

Managed PhishLine

ECHOplatform

Intronis Backup

MSP Knowledgebase

Link Balancer

NextGen Firewall X

Load Balancer

SSL VPN

Phone System

Cloud Control

Control Server

Reference / FAQ

TechSummit 2019

Network Security

United States – English (GMT-8)

Back to Knowledgebase

What LDAP filter do we use to reject mail for a disabled user in Active Directory?

Type: Knowledgebase
Date changed: one year ago

Solution #00007234

Scope:

Email Security Gateway All Firmwares

Answer:

The normal Active Directory filter that you should use is this

( (proxyaddresses=smtp:$

{recipient_email})(mail=${recipient_email}

)(userPrincipalName=$

{recipient_email})

OR even better this (the shorter you can make your filter and have it still work the better)

( (proxyaddresses=smtp:${recipient_email}

)(mail=$

{recipient_email}))

The above filter with MOST Active Directory LDAP servers will return a valid response for Enabled and Disabled users.

The following filter will return an failure when doing a lookup for a DISABLED Active Directory user.

(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))( (proxyaddresses=smtp:${recipient_email}

)(mail=$

{recipient_email}

)))

Link To This Page:

https://campus.barracuda.com/solution/50160000000uJuVAAU

Additional Resources

Print Share Page