Prior to Mac OS X Yosemite, admins were able to disable a Open Directory user by taking advantage of the pwpolicy command below:
pwpolicy -a diradmin -p password -u username -disableuser
or
pwpolicy -a diradmin -p password -u username -setpolicy 'isdisabled=1'
However, since updating to Yosemite, users are not actually disabled with these settings and they are deprecated in the MAN pages. Terminal will process them like they are successful, but the Server Admin GUI will still show the users as active, and they will still be able to access shared files.
According to the pwpolicy man page "Account Policies" are the replacement for the various deprecated pwpolicy commands as seen at http://www.manpagez.com/man/8/pwpolicy/. I'm having a bit of difficulty deciphering the format though. I simply need to disable a user, and I'm not finding the correct keyword setup.
Does anyone have any experience or suggestions?
Thanks!