You want to view or update the userAccountControl
attribute for a user. This attribute controls various account options;
for example, the user must change his password at next logon and
whether the account is disabled.
Open the ADUC snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Beside Name, type the name of the user and click Find Now.
In the Search Results, double-click on the user.
Select the Account tab.
Many of the userAccountControl flags can be set
under Account options.
Click OK after you're done.
The dsmod user command has
several options for setting various userAccountControl flags, which are listed
in the Discussion section. Each switch accepts yes or no as a parameter to either enable or
disable the setting.
' This code enables or disables a bit value in the userAccountControl attr. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>" ' e.g., cn=rallen,ou=Sales,dc=rallencorp,dc=com intBit =<BitValue>' e.g., 65536 boolEnable =<TrueOrFalse>' e.g., TRUE ' ------ END CONFIGURATION --------- strAttr = "userAccountControl" set objUser = GetObject("LDAP://" & strUserDN) intBitsOrig = objUser.Get(strAttr) intBitsCalc = CalcBit(intBitsOrig, intBit, boolEnable) if intBitsOrig <> intBitsCalc then objUser.Put strAttr, intBitsCalc objUser.SetInfo WScript.Echo "Changed " & strAttr ...
No credit card required