We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus

Back to Knowledgebase

What LDAP filter do we use to reject mail for a disabled user in Active Directory?

  • Type: Knowledgebase
  • Date changed: 9 months ago
Solution #00007234

Scope:
Email Security Gateway All Firmwares

Answer:
The normal Active Directory filter that you should use is this
 
   ( (proxyaddresses=smtp:$
{recipient_email})(mail=${recipient_email}
)(userPrincipalName=$
{recipient_email})

   OR even better this (the shorter you can make your filter and have it still work the better)

   ( (proxyaddresses=smtp:${recipient_email}
)(mail=$
{recipient_email}))

The above filter with MOST Active Directory LDAP servers will return a valid response for Enabled and Disabled users.

The following filter will return an failure when doing a lookup for a DISABLED Active Directory user.

   (&(!(userAccountControl:1.2.840.113556.1.4.803:=2))( (proxyaddresses=smtp:${recipient_email}
)(mail=$
{recipient_email}
)))



Link To This Page: