Check if Active Directory user account disabled

Hi all,

I am new to Rails and in my app I need to check if a user account is
disabled in Active Directory. I am not using AD for Rails
authentication. I've searched around and I'm getting overwhelmed with
the answers. What would be the easiest way to go about this? Should I
just do some type of LDAP query?

Later on I will probably need the ability to enable/disable the Active
Directory account.


here are some options✓&q=active+directory

Thanks Jason! I ended up using net-ldap and just querying for
userAccountControl and comparing against this list:

def new_ldap_connection
      host: ENV['ad_host'],
      port: ENV['ad_port'],
      encryption: :simple_tls,
      base: ENV['ad_base'],
      auth: {
          method: :simple,
          username: ENV['ad_username'],
          password: ENV['ad_password'] })

def ldap_account_status(user)
  userAccountControl = new_ldap_connection().search(
      filter: Net::LDAP::Filter.eq('sAMAccountName', user.uniqname),
      attributes: %w[ userAccountControl ],
      return_result: true)

  if userAccountControl.nil? || userAccountControl.length == 0
    return 'no account'
    case userAccountControl.first.userAccountControl.first
      when ('512' || '544' || '66048') then return 'enabled'
      when ('514' || '546' || '66050') then return 'disabled'
      else return 'unknown'