Active Directory Video

  • Quiddy Biddy

    Hi,

    I was watching the video for creating a user in Active Directory. When it comes to enabling the account with the 'userAccountControl' property, Robert sets it with the value of '0x0200'. I know this is the 'enabled' value but what type of value is this?

    I tried to put it in as a string but it didn't like that.

    I am using VB.NET.


    Much appreciated.

  • RichardRudek

    Probably a DWORD. The '0x' notation means that the number is written as a hexadecimal value (base 16). In decimal, that would be 512.

    PS: you can use the (Windows) Calculator program. Just change the view to Scientific, and you can switch between the Hex and Decimal modes...

  • W3bbo

    Quiddy Biddy wrote:
    Hi,

    I was watching the video for creating a user in Active Directory. When it comes to enabling the account with the 'userAccountControl' property, Robert sets it with the value of '0x0200'. I know this is the 'enabled' value but what type of value is this?

    I tried to put it in as a string but it didn't like that.

    I am using VB.NET.


    Much appreciated.


    The type is Int32

    You should use flags, rather than Magic Numbers. Here's what I use (C#):
        using System; // FlagsAttribute lives in the System namespace

        [Flags]
        internal enum UserAccountControl {
            /// <summary>The user account is disabled.</summary>
            Disabled = 2,
            /// <summary>Represents the password, which should never expire on the account.</summary>
            PasswordNeverExpires = 0x10000,
            /// <summary>(Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logging on.</summary>
            DontRequirePreauth = 0x400000,
            /// <summary>The user can send an encrypted password.</summary>
            AllowEncryptedTextPassword = 0x80,
            /// <summary>The home folder is required.</summary>
            HomeFolderRequired = 8,
            /// <summary>This is a permit to trust an account for a system domain that trusts other domains.</summary>
            IsInterDomainTrustAccount = 0x800,
            /// <summary>The account is currently locked out.</summary>
            LockedOut = 0x10,
            /// <summary>This is an MNS logon account.</summary>
            MnsLogonAccount = 0x20000,
            /// <summary>This is a default account type that represents a typical user.</summary>
            NormalAccount = 0x200,
            /// <summary>When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation.</summary>
            NotDelegated = 0x100000,
            /// <summary>The user cannot change the password. This is a permission on the user's object. For information about how to programmatically set this permission, visit the following Web site: http://msdn2.microsoft.com/en-us/library/aa746398.aspx</summary>
            PasswordCantChange = 0x40,
            /// <summary>No password is required.</summary>
            PasswordNotRequired = 0x20,
            /// <summary>(Windows 2000/Windows Server 2003) The user's password has expired.</summary>
            PasswordIsExpired = 0x800000,
            /// <summary>The logon script will be run.</summary>
            RunLogonScript = 1,
            /// <summary>This is a computer account for a domain controller that is a member of this domain.</summary>
            ServerTrustAccount = 0x2000,
            /// <summary>When this flag is set, it forces the user to log on by using a smart card.</summary>
            SmartcardRequired = 0x40000,
            /// <summary>This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account.</summary>
            TemporaryDuplicateAccount = 0x100,
            /// <summary>When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.</summary>
            TrustedForDelegation = 0x80000,
            /// <summary>(Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting. Accounts with this option enabled should be tightly controlled. This setting allows a service that runs under the account to assume a client's identity and authenticate as that user to other remote servers on the network.</summary>
            TrustedToAuthenticateForDelegation = 0x1000000,
            /// <summary>(Windows 2000/Windows Server 2003) Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.</summary>
            UseDesKeyOnly = 0x200000,
            /// <summary>This is a computer account for a computer that is running Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional, or Windows 2000 Server and is a member of this domain.</summary>
            WorkstationTrustAccount = 0x1000
        }
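
Added example, not part of W3bbo's post: because userAccountControl is a bitmask, an account is enabled by clearing the Disabled bit rather than overwriting the whole value with 0x200, which would silently drop flags such as SmartcardRequired. The names `Uac`, `UacDemo`, `Enable` and `Audit` are hypothetical, the enum is a subset of the one posted above with the same values, and the sample values are constructed.

```csharp
using System;

// Subset of the enum posted above, same values (hypothetical short name).
[Flags]
internal enum Uac {
    Disabled = 0x2,
    PasswordNotRequired = 0x20,
    AllowEncryptedTextPassword = 0x80,
    NormalAccount = 0x200,
    PasswordNeverExpires = 0x10000,
    TrustedForDelegation = 0x80000,
    UseDesKeyOnly = 0x200000,
    DontRequirePreauth = 0x400000
}

internal static class UacDemo {
    // Security-sensitive flags worth reviewing on any account that carries them.
    const Uac Risky = Uac.PasswordNotRequired | Uac.AllowEncryptedTextPassword
                    | Uac.TrustedForDelegation | Uac.UseDesKeyOnly
                    | Uac.DontRequirePreauth;

    // Enable by clearing one bit; every other flag on the account is kept.
    static Uac Enable(Uac current) => current & ~Uac.Disabled;

    // Returns only the sensitive flags that are set (prints 0 if none).
    static Uac Audit(Uac current) => current & Risky;

    static void Main() {
        // Constructed sample values. Against a real directory the attribute is
        // read as an Int32, e.g. (int)entry.Properties["userAccountControl"].Value
        // on a System.DirectoryServices.DirectoryEntry, and written back the
        // same way followed by entry.CommitChanges().
        int[] samples = { 0x202, 0x10222, 0x400200 };
        foreach (int raw in samples) {
            Uac uac = (Uac)raw;
            Console.WriteLine($"0x{raw:X}: {uac}");
            Console.WriteLine($"  enabled -> 0x{(int)Enable(uac):X} ({Enable(uac)})");
            Console.WriteLine($"  review  -> {Audit(uac)}");
        }
    }
}
```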

  • Quiddy Biddy

    Thanks very much for your help.

    You both helped me sort out and understand more clearly my problem; I now swear by forums.


    Cheers

    Quiddy Biddy
