What LDAP filter do we use to reject mail for a disabled user in Active Directory?

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00007234

Scope:
Email Security Gateway, all firmware versions

Answer:
The normal Active Directory filter that you should use is this:

   (|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})(userPrincipalName=${recipient_email}))

   Or, even better, this one (the shorter you can make your filter while it still works, the better):

   (|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email}))

With MOST Active Directory LDAP servers, the above filter will return a valid response for both Enabled and Disabled users.

The following filter will return a failure when doing a lookup for a DISABLED Active Directory user:

   (&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})))
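
The Python below is an added example, not code from the original article or from the gateway: it models offline how the disabled-user filter decides, using the bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) on userAccountControl. The directory entries are constructed sample data, all function names are hypothetical, and the RFC 4515 escaping is an assumption for your own test scripts, since the article does not say how the gateway substitutes ${recipient_email}.

```python
# Added example: offline model of the "reject disabled users" filter.
# DIRECTORY holds constructed sample entries, not real directory objects.
ACCOUNTDISABLE = 0x2  # the bit selected by ":=2" in the filter
FILTER_TEMPLATE = (
    "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
    "(|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})))"
)

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the address stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render_filter(recipient):
    """Substitute an escaped recipient address into the filter template."""
    return FILTER_TEMPLATE.replace("${recipient_email}",
                                   escape_filter_value(recipient))

def bit_and_match(attr_value, mask):
    """Rule 1.2.840.113556.1.4.803: true only if every bit of mask is set."""
    return (attr_value & mask) == mask

def filter_matches(entry, recipient):
    """Evaluate the filter for one entry; AD compares these strings case-insensitively."""
    r = recipient.lower()
    disabled = bit_and_match(entry["userAccountControl"], ACCOUNTDISABLE)
    proxies = [p.lower() for p in entry.get("proxyAddresses", [])]
    address_hit = ("smtp:" + r) in proxies or entry.get("mail", "").lower() == r
    return (not disabled) and address_hit

DIRECTORY = [
    # 512 = normal account, enabled
    {"mail": "alice@example.com", "proxyAddresses": ["SMTP:alice@example.com"],
     "userAccountControl": 512},
    # 514 = 512 + 2, disabled
    {"mail": "bob@example.com", "proxyAddresses": ["SMTP:bob@example.com"],
     "userAccountControl": 514},
    # 66050 = 65536 + 512 + 2, disabled with a non-expiring password;
    # an equality test against 514 would miss this entry, the bit test does not
    {"mail": "carol@example.com", "proxyAddresses": ["SMTP:carol@example.com"],
     "userAccountControl": 66050},
]

def lookup(recipient):
    """True if some entry satisfies the filter, i.e. the recipient is accepted."""
    return any(filter_matches(e, recipient) for e in DIRECTORY)

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "bob@example.com", "carol@example.com"):
        print(rcpt, "accepted" if lookup(rcpt) else "rejected")
```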


