Posted by: R Manimaran | July 8, 2008

ActiveDirectory UserAccountControl flag

I worked on a project in which I needed to get all the active users from Active Directory. Active Directory has a flag attribute, UserAccountControl, which holds a series of values. It is through these values that we can modify the user account state.

 

| Property flag | Value in hexadecimal | Value in decimal |
|---|---|---|
| SCRIPT | 0x0001 | 1 |
| ACCOUNTDISABLE | 0x0002 | 2 |
| HOMEDIR_REQUIRED | 0x0008 | 8 |
| LOCKOUT | 0x0010 | 16 |
| PASSWD_NOTREQD | 0x0020 | 32 |
| PASSWD_CANT_CHANGE | 0x0040 | 64 |
| ENCRYPTED_TEXT_PWD_ALLOWED | 0x0080 | 128 |
| TEMP_DUPLICATE_ACCOUNT | 0x0100 | 256 |
| NORMAL_ACCOUNT | 0x0200 | 512 |
| INTERDOMAIN_TRUST_ACCOUNT | 0x0800 | 2048 |
| WORKSTATION_TRUST_ACCOUNT | 0x1000 | 4096 |
| SERVER_TRUST_ACCOUNT | 0x2000 | 8192 |
| DONT_EXPIRE_PASSWORD | 0x10000 | 65536 |
| MNS_LOGON_ACCOUNT | 0x20000 | 131072 |
| SMARTCARD_REQUIRED | 0x40000 | 262144 |
| TRUSTED_FOR_DELEGATION | 0x80000 | 524288 |
| NOT_DELEGATED | 0x100000 | 1048576 |
| USE_DES_KEY_ONLY | 0x200000 | 2097152 |
| DONT_REQ_PREAUTH | 0x400000 | 4194304 |
| PASSWORD_EXPIRED | 0x800000 | 8388608 |
| TRUSTED_TO_AUTH_FOR_DELEGATION | | |

There may be a combination of values in that flag.

For example, the value may be 66048, which means

NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD → 512 + 65536 = 66048

Some other values

NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD + ACCOUNTDISABLE → 512 + 65536 + 2 = 66050

NORMAL_ACCOUNT + ACCOUNTDISABLE → 512 + 2 = 514

NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD + PASSWD_NOTREQD
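A decoder for the flag values above, as an added example that is not part of the original post: it splits a UserAccountControl value into the flag names from the table, reports any bits the table does not cover, and tests ACCOUNTDISABLE to decide whether an account is active. The function names are assumptions of this example, as is the LDAP filter, which relies on Active Directory's bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) so that the directory server does the bit test instead of the client comparing against fixed sums such as 514 or 66050.

```python
# Added example; the flag values are copied from the table in this post.
UAC_FLAGS = {
    0x0001: "SCRIPT", 0x0002: "ACCOUNTDISABLE",
    0x0008: "HOMEDIR_REQUIRED", 0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD", 0x0040: "PASSWD_CANT_CHANGE",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED", 0x0100: "TEMP_DUPLICATE_ACCOUNT",
    0x0200: "NORMAL_ACCOUNT", 0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT", 0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD", 0x20000: "MNS_LOGON_ACCOUNT",
    0x40000: "SMARTCARD_REQUIRED", 0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED", 0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH", 0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002
# OID of Active Directory's bitwise-AND LDAP matching rule.
BIT_AND_RULE = "1.2.840.113556.1.4.803"


def decode_uac(value):
    """Return (names of table flags set in value, bits not in the table)."""
    names, known = [], 0
    for bit, name in sorted(UAC_FLAGS.items()):
        known |= bit
        if value & bit:
            names.append(name)
    return names, value & ~known


def is_active(value):
    """An account is active when the ACCOUNTDISABLE bit is clear."""
    return not value & ACCOUNTDISABLE


def active_users_filter():
    """LDAP filter for user objects whose ACCOUNTDISABLE bit is not set."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(!(userAccountControl:{BIT_AND_RULE}:={ACCOUNTDISABLE})))")


if __name__ == "__main__":
    # 66048, 66050 and 514 come from the post; 0x1000200 is a constructed
    # value carrying one bit that the table above gives no value for.
    for sample in (66048, 66050, 514, 0x1000200):
        names, unknown = decode_uac(sample)
        state = "active" if is_active(sample) else "disabled"
        print(f"{sample}: {state} {' + '.join(names)} unknown={unknown:#x}")
    print(active_users_filter())
```

Testing the single bit, in code or in the filter, keeps the active/disabled decision correct whatever other flags are combined with it.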
