16.9. Setting a User's Account Options


You want to view or update the userAccountControl attribute for a user. This attribute controls various account options; for example, whether the user must change his password at next logon and whether the account is disabled.


Using a graphical user interface

  1. Open the ADUC snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Beside Name, type the name of the user and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Select the Account tab.

  7. Many of the userAccountControl flags can be set under Account options.

  8. Click OK after you're done.

Using a command-line interface

The dsmod user command has several options for setting various userAccountControl flags, which are listed in the Discussion section. Each switch accepts yes or no as a parameter to either enable or disable the setting.

Using VBScript

' This code enables or disables a bit value in the userAccountControl attr.
strUserDN = "<UserDN>"     ' e.g., cn=rallen,ou=Sales,dc=rallencorp,dc=com
intBit = <BitValue>        ' e.g., 65536
boolEnable = <TrueOrFalse> ' e.g., TRUE
' ------ END CONFIGURATION ---------
strAttr = "userAccountControl"
set objUser = GetObject("LDAP://" & strUserDN)
intBitsOrig = objUser.Get(strAttr)
intBitsCalc = CalcBit(intBitsOrig, intBit, boolEnable)
if intBitsOrig <> intBitsCalc then
   objUser.Put strAttr, intBitsCalc
   objUser.SetInfo
   WScript.Echo "Changed " & strAttr ...
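The bit arithmetic behind this recipe, as an added PowerShell example that is not from the book: it decodes userAccountControl values into flag names, lists the flags worth reviewing on a user account, and sets or clears a single bit without touching the others. The flag values are the documented userAccountControl bits; the function names, account names, and sample values are constructed for illustration.

```powershell
# Added example, not from the book. Bit values are the documented
# userAccountControl flags; names and sample accounts are constructed.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE             = 0x00000002
    PASSWD_NOTREQD             = 0x00000020
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x00000080
    NORMAL_ACCOUNT             = 0x00000200
    DONT_EXPIRE_PASSWORD       = 0x00010000   # 65536, the bit in the recipe's example
    SMARTCARD_REQUIRED         = 0x00040000
    TRUSTED_FOR_DELEGATION     = 0x00080000
    NOT_DELEGATED              = 0x00100000
    USE_DES_KEY_ONLY           = 0x00200000
    DONT_REQ_PREAUTH           = 0x00400000
}

# Flags that weaken authentication or widen delegation; each should have a
# documented justification when found on a user account.
$Risky = 'PASSWD_NOTREQD', 'ENCRYPTED_TEXT_PWD_ALLOWED', 'DONT_EXPIRE_PASSWORD',
         'TRUSTED_FOR_DELEGATION', 'USE_DES_KEY_ONLY', 'DONT_REQ_PREAUTH'

function Get-UacFlagName([int]$Value) {
    # Return the name of every known bit that is set in $Value.
    $UacFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Set-UacBit([int]$Value, [int]$Bit, [bool]$Enable) {
    # OR sets the bit; AND with the complement clears it. Other bits are kept.
    if ($Enable) { $Value -bor $Bit } else { $Value -band (-bnot $Bit) }
}

# Constructed sample: account name and userAccountControl as read from the directory.
$accounts = @(
    [pscustomobject]@{ Name = 'svc-backup'; Uac = 66048 }    # 512 + 65536
    [pscustomobject]@{ Name = 'jdoe';       Uac = 514 }      # 512 + 2
    [pscustomobject]@{ Name = 'legacyapp';  Uac = 4194848 }  # 512 + 32 + 4194304
)

foreach ($a in $accounts) {
    $names = @(Get-UacFlagName $a.Uac)
    $hits  = @($names | Where-Object { $Risky -contains $_ })
    '{0,-11} {1,8}  {2}  review: {3}' -f $a.Name, $a.Uac, ($names -join ','), ($hits -join ',')
}

# Clear DONT_EXPIRE_PASSWORD (65536) on svc-backup; NORMAL_ACCOUNT is preserved.
$new = Set-UacBit 66048 65536 $false
"svc-backup after clearing bit 65536: $new"
```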
