How do I retrieve a list of all the 'locked' accounts in the Directory and Resource Adminstrator Web (NETIQKB13477)

  • 7713477
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How do I retrieve a list of all the 'locked' accounts in the Directory and Resource Adminstrator Web Console?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fix

The functionality to list only the locked accounts when searching, was not incorporated into the DRA Web Console. This is because there would a negative impact on performance when gathering this data.  The reason for the performance hit is that the typical lockout period is 30 mintues and since this value is not cached, DRA would have to query all domain controllers for this flag for all accounts everytime a search is done.  DRA would also have to continually query this flag for all accounts.

Starting in the Directory and Resource Administrator 6.6 Web Console, the 'locked' status is displayed when an Assistant Admin selects a user to perform the 'Unlock a User' task on. The locked status does not display when viewing the properties of a user.

In addition, the following CLI command will generate a list of all user accounts and whether the account is locked or not:

       EA USER * DISPLAY UNLOCK



Additional Information

Formerly known as NETIQKB13477