Problems with the "User-Account-Control"-properties ! Help !

  • Thread starter Schmidtmayer Marc
  • Start date
S

Schmidtmayer Marc

Hi all,

I'm writing an application where I need to show the 'status' of users
in AD.
Now I'm having trouble with the flag "User must change password at
next logon" for the "User-Account-Control"-property.

The problem is that the 'value' of the "User-Account-Control"-property
DOESN'T CHANGE whether the flag "User must change password at next
logon" is checked or not.

For example : In AD, my user has the flag "User must change password
at next logon" checked and when I check the value of the
"User-Account-Control"-property with ADSI-Edit ... it gives me 544 !!
Then I uncheck the flag "User must change password at next logon" BUT
THE VALUE DOESN'T change !!!!

I can't get the 'right' value for this !!
Other flags like "Account is disabled", etc ... do work !

Here's an extract of my script :

'*************************************************************************
strFilter = "(&(objectclass=user)(objectcategory=person));"
strAttrs = "name,userprincipalname,useraccountcontrol,adspath;"
strScope = "subtree"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

lPaths = UBound(as_paths())
For lLoop = 1 To lPaths

'strBase = "<LDAP://" & as_paths(lLoop) & ">;"
strBase = "<" & as_paths(lLoop) & ">;"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs &
strScope)

If Not objRS.EOF Then
objRS.MoveFirst
While Not objRS.EOF

strUserNames(lTotalUsers) = objRS.Fields(0).Value
strUserIDs(lTotalUsers) = objRS.Fields(1).Value
lSetting = objRS.Fields(2).Value
strtmp = "000"
If (lSetting And ADS_UF_ACCOUNTDISABLE) =
ADS_UF_ACCOUNTDISABLE Then Mid(strtmp, 1, 1) = "1"
If (lSetting And ADS_UF_LOCKOUT) = ADS_UF_LOCKOUT Then
Mid(strtmp, 2, 1) = "1"
If (lSetting And ADS_UF_PWD_EXPIRED) =
ADS_UF_PWD_EXPIRED Then Mid(strtmp, 3, 1) = "1"
strAccountSettings(lTotalUsers) = strtmp
strDNs(lTotalUsers) = objRS.Fields(3).Value

objRS.MoveNext 'volgende
Wend
End If

Next

'*************************************************************************

Any help is welcome !
Thanks,
Marc.
 
J

Jerold Schulman

I believe 544 means Normal Account and Password NOT Required, which may account
for this behavior.



Hi all,

I'm writing an application where I need to show the 'status' of users
in AD.
Now I'm having trouble with the flag "User must change password at
next logon" for the "User-Account-Control"-property.

The problem is that the 'value' of the "User-Account-Control"-property
DOESN'T CHANGE whether the flag "User must change password at next
logon" is checked or not.

For example : In AD, my user has the flag "User must change password
at next logon" checked and when I check the value of the
"User-Account-Control"-property with ADSI-Edit ... it gives me 544 !!
Then I uncheck the flag "User must change password at next logon" BUT
THE VALUE DOESN'T change !!!!

I can't get the 'right' value for this !!
Other flags like "Account is disabled", etc ... do work !

Here's an extract of my script :

'*************************************************************************
strFilter = "(&(objectclass=user)(objectcategory=person));"
strAttrs = "name,userprincipalname,useraccountcontrol,adspath;"
strScope = "subtree"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

lPaths = UBound(as_paths())
For lLoop = 1 To lPaths

'strBase = "<LDAP://" & as_paths(lLoop) & ">;"
strBase = "<" & as_paths(lLoop) & ">;"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs &
strScope)

If Not objRS.EOF Then
objRS.MoveFirst
While Not objRS.EOF

strUserNames(lTotalUsers) = objRS.Fields(0).Value
strUserIDs(lTotalUsers) = objRS.Fields(1).Value
lSetting = objRS.Fields(2).Value
strtmp = "000"
If (lSetting And ADS_UF_ACCOUNTDISABLE) =
ADS_UF_ACCOUNTDISABLE Then Mid(strtmp, 1, 1) = "1"
If (lSetting And ADS_UF_LOCKOUT) = ADS_UF_LOCKOUT Then
Mid(strtmp, 2, 1) = "1"
If (lSetting And ADS_UF_PWD_EXPIRED) =
ADS_UF_PWD_EXPIRED Then Mid(strtmp, 3, 1) = "1"
strAccountSettings(lTotalUsers) = strtmp
strDNs(lTotalUsers) = objRS.Fields(3).Value

objRS.MoveNext 'volgende
Wend
End If

Next

'*************************************************************************

Any help is welcome !
Thanks,
Marc.
Click to expand...


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to 'retrieve' the 'pwdLastSet' into a LargeInteger ? 2
2 account options and where the flags are set 6
Security Settings for Password Policy and User properties 6
Help! - 0x80070005 - Access Denied Calling SetInfo ( ) 0
User Creation via HTA 2
Help with browse button in Access 2010 0
problems creating a user in Active directory 1
User Must Change Password At Next Logon LDAP Flag 1

Top