Has anyone ever expired an AD Account using the LDAP modify_object action?
I’ve tried setting a fileTime date on accountExpires and got permission denied and accountExpireDate comes back that it doesn’t exist. I’m pretty sure I have all the needed rights because I can rotate password, disable, and enable users without any issue.
I have read that account expiration has issues with python’s LDAP library.
Never mind, I figured this out.
Fun with AD Delegation on the service account I’m using 