September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.24. Setting a User’s Account Options (userAccountControl)
Problem
You want to view or update
the userAccountControl attribute for a user. This
attribute controls various account options, such as if the user must
change their password at next logon and if the account is disabled.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Beside Name, type the name of the user and click Find Now.
In the Search Results, double-click on the user.
Select the Account tab.
Many of the
userAccountControlflags can be set under Account options.Click OK after you’re done.
Using a command-line interface
The dsmod
user command has
several options for setting various
userAccountControl flags, as shown in Table 6-2. Each switch accepts yes or
no as a parameter to either enable or disable the
setting.
Table 6-2. dsmod user options for setting userAccountControl
|
dsmod user switch |
Description |
|---|---|
|
|
Sets whether the user must change password at next logon. |
|
|
Sets whether the user can change his password. |
|
|
Set account status to enabled or disabled. |
|
|
Sets whether the user’s password is stored using reversible encryption. |
|
|
Sets whether the user’s password never expires. |
Using VBScript
' This code enables or disables a bit value in the userAccountControl attr. ' See Recipe 4.12 for the code for the ...