Disable or Enable an AD LDS User
Updated: December 30, 2008
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
When you disable and enable an Active Directory Lightweight Directory Services (AD LDS) user, you control whether that user can bind to the AD LDS directory. You use the ADSI Edit snap-in to disable and enable AD LDS users.
Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.
To disable or enable an AD LDS user
Open ADSI Edit.
Connect and bind to an AD LDS instance. For more information, see Use ADSI Edit to Manage an AD LDS Instance.
Browse to the AD LDS user that you want to disable or enable, right-click that user, and then click Properties .
In Attributes , click msDS-UserAccountDisabled , and then click Edit .
Do one of the following, and then click OK :
To disable the AD LDS user, click True .
To enable the AD LDS user, click either False or Not set .
To open ADSI Edit, on a computer with the AD LDS server role installed, click Start , click Administrative Tools , and then click ADSI Edit .
By default, an AD LDS user is enabled when the user is created. However, if you assign a new AD LDS user a password that does not meet the password policy restrictions in effect on the local server or domain, that AD LDS user will be disabled by default.
If the AD LDS user that you want to enable or disable is currently logged on to the AD LDS instance, that user must log off for the new setting to take effect.
You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start , click Administrative Tools , and then click Active Directory Module for Windows PowerShell . For more information, see Disable or Enable an AD LDS User (http://go.microsoft.com/fwlink/?LinkId=137816). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).