16.9. Setting a User's Account Options
Problem
You want to view or update the userAccountControl
attribute for a user. This attribute controls various account options;
for example, the user must change his password at next logon and
whether the account is disabled.
Solution
Using a graphical user interface
Open the ADUC snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Beside Name, type the name of the user and click Find Now.
In the Search Results, double-click on the user.
Select the Account tab.
Many of the
userAccountControl
flags can be set under Account options.Click OK after you're done.
Using a command-line interface
The dsmod
user
command has
several options for setting various userAccountControl
flags, which are listed
in the Discussion section. Each switch accepts yes
or no
as a parameter to either enable or
disable the setting.
Using VBScript
' This code enables or disables a bit value in the userAccountControl attr. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>
" ' e.g., cn=rallen,ou=Sales,dc=rallencorp,dc=com intBit =<BitValue>
' e.g., 65536 boolEnable =<TrueOrFalse>
' e.g., TRUE ' ------ END CONFIGURATION --------- strAttr = "userAccountControl" set objUser = GetObject("LDAP://" & strUserDN) intBitsOrig = objUser.Get(strAttr) intBitsCalc = CalcBit(intBitsOrig, intBit, boolEnable) if intBitsOrig <> intBitsCalc then objUser.Put strAttr, intBitsCalc objUser.SetInfo WScript.Echo "Changed " & strAttr ...
Get Windows Server Cookbook now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.