Detect if an Active Directory user account is locked using LDAP in Python

Question

I\'m validating user logins using python\'s ldap module. When the login fails, I get a ldap.INVALID_CREDENTIALS login, but this can be either because of a wrong password or

Answer 1

(&(objectClass=user)(&(lockoutTime=*)(!(lockoutTime=0))))

Will return objects which are users and have a present attribute named lockoutTime which isn't equal to 0.