value is the addition of codes
reference:
http://medgarnet.blogspot.com/2010/05/ad-useraccountcontrol-values.html
https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
http://ananthdeodhar.com/php-active-directory-integration-get-useraccountcontrol-attributes/
512 - Enable Account
514 - Disable account (512 + 2)
544 - Account Enabled - Require user to change password at first logon (512 + 32)
4096 - Workstation/server
66048 - Enabled, password never expires (512 + 65536)
66050 - Disabled, password never expires (512 + 2 + 65536)
66080 - Enabled, DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
262656 - Smart Card Logon Required
532480 - Domain controller
1 - script
2 - accountdisable
8 - homedir_required
16 - lockout
32 - password_not_reqd
64 - password_cant_change
128 - encrypted_text_pwd_allowed
256 - temp_duplicate_account
512 - normal_account
2048 - interdomain_trust_account
4096 - workstation_trust_account
8192 - server_trust_account
65536 - dont_expire_password
131072 - mns_logon_account
262144 - smartcard_required
524288 - trusted_for_delegation
1048576 - not_delegated
2097152 - use_des_key_only
4194304 - dont_req_preauth
8388608 - password_expired
16777216 - trusted_to_auth_for_delegation
|
SCRIPT
|
0x0001
|
1
|
|
ACCOUNTDISABLE
|
0x0002
|
2
|
|
HOMEDIR_REQUIRED
|
0x0008
|
8
|
|
LOCKOUT
|
0x0010
|
16
|
|
PASSWD_NOTREQD
|
0x0020
|
32
|
|
PASSWD_CANT_CHANGE
|
0x0040
|
64
|
|
Note You cannot assign this permission by
directly modifying the UserAccountControl attribute. For
information about how to set the permission programmatically, see the
"Property flag descriptions" section.
|
||
|
ENCRYPTED_TEXT_PWD_ALLOWED
|
0x0080
|
128
|
|
TEMP_DUPLICATE_ACCOUNT
|
0x0100
|
256
|
|
NORMAL_ACCOUNT
|
0x0200
|
512
|
|
INTERDOMAIN_TRUST_ACCOUNT
|
0x0800
|
2048
|
|
WORKSTATION_TRUST_ACCOUNT
|
0x1000
|
4096
|
|
SERVER_TRUST_ACCOUNT
|
0x2000
|
8192
|
|
DONT_EXPIRE_PASSWORD
|
0x10000
|
65536
|
|
MNS_LOGON_ACCOUNT
|
0x20000
|
131072
|
|
SMARTCARD_REQUIRED
|
0x40000
|
262144
|
|
TRUSTED_FOR_DELEGATION
|
0x80000
|
524288
|
|
NOT_DELEGATED
|
0x100000
|
1048576
|
|
USE_DES_KEY_ONLY
|
0x200000
|
2097152
|
|
DONT_REQ_PREAUTH
|
0x400000
|
4194304
|
|
PASSWORD_EXPIRED
|
0x800000
|
8388608
|
|
TRUSTED_TO_AUTH_FOR_DELEGATION
|
0x1000000
|
16777216
|
|
PARTIAL_SECRETS_ACCOUNT
|
0x04000000
|
67108864
|
----------------------------------------------------------------------------
PS C:\> Get-ADPrincipalGroupMembership -Identity username| select Name | Where-Object {$_.name -like '*ad group*' -or $_.name -like '*ADNAME*' } | Sort Name
No comments:
Post a Comment