Active Directory Permissions and C#31 Oct 2013
I’ve been doing some work recently with C# querying AD for locked out users. One of the requirements for this was to only show users that can be altered by the user running the program.
Fortunately there is a computed AD attribute available for this to do the job, called allowedAttributesEffective. Here is some sample code to check a user for attributes you can write to: