Enable/Disable local active directory account from code?

[Michael Howes]

This MSDN article
http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory"
"LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"

 

[Guest]

Try this:

// Set the 2nd bit
user.Properties["UserFlags"].Value =
((int)user.Properties["UserFlags"].Value) | 2;

 

[Willy Denoyette [MVP]]

This MSDN article
http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory" "LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"

"UserFlags" is what you need to look at.

...
const int UF_ACCOUNTDISABLE = 0x0002;
string userName = "someoneIdontLike";
using(DirectoryEntry comp = new DirectoryEntry("WinNT://" +
Environment.MachineName + ",computer"))
{
using(DirectoryEntry NewUser = comp.Children.Find(userName, "user"))
{
NewUser.Properties["UserFlags"].Value =
((int)NewUser.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE;
NewUser.CommitChanges();
}
}

Note that here I'm only resetting the UF_ACCOUNTDISABLE bit, while I'm
preserving the other bits!
Search MSDN for the other possible bits in this property.

Willy.

 

[Jeremy]

For a start there is no such thing as a local AD account. It is a SAM
account, so the ADSI scripting wont work. You need this code:

strComputer = "atl-ws-01"
Set objUser = GetObject("WinNT://" & strComputer & "/Guest")

objUser.AccountDisabled = True
objUser.SetInfo

From here:
http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true