When you user the DSQUERY command to return the
userAccountControl attribute, it is returned as a numeric value.
I have scripted userAccountControl.bat to translate this value.
The syntax for using userAccountControl.bat is:
call userAccountControl uac CommaSeparatedString
Where uac is the numeric value of the userAccountControl attribute, and CommaSeparatedString is a call directed environment variable that will contain from 1 through n 'descriptions', separated by commas.
userAccountControl.bat contains:
@echo off if \{%2\}==\{\} @echo Syntax: call userAccountControl uac CommaSeparatedString&goto :EOF if "%1" EQU "512" set %2=NORMAL_ACCOUNT&goto :EOF setlocal set /a uac=%1 set %2=Unknown set css= if %uac% GEQ 16777216 set css=%css%,TRUSTED_TO_AUTH_FOR_DELEGATION&set /a uac=%uac% - 16777216 :GEQ if %uac% GEQ 16777216 set /a uac=%uac% - 16777216&goto GEQ if %uac% GEQ 8388608 set css=%css%, PASSWORD_EXPIRED&set /a uac=%uac% - 8388608 if %uac% GEQ 4194304 set css=%css%, DONT_REQ_PREAUTH&set /a uac=%uac% - 4194304 if %uac% GEQ 2097152 set css=%css%, USE_DES_KEY_ONLY&set /a uac=%uac% - 2097152 if %uac% GEQ 1048576 set css=%css%, NOT_DELEGATED&set /a uac=%uac% - 1048576 if %uac% GEQ 524288 set css=%css%, TRUSTED_FOR_DELEGATION&set /a uac=%uac% - 524288 if %uac% GEQ 262144 set css=%css%, SMARTCARD_REQUIRED&set /a uac=%uac% - 262144 if %uac% GEQ 131072 set css=%css%, MNS_LOGON_ACCOUNT&set /a uac=%uac% - 131072 if %uac% GEQ 65536 set css=%css%,DONT_EXPIRE_PASSWD&set /a uac=%uac% - 65536 if %uac% GEQ 32768 set css=%css%,UNKNOWN&set /a uac=%uac% - 32768 if %uac% GEQ 16384 set css=%css%,UNKNOWN&set /a uac=%uac% - 16384 if %uac% GEQ 8192 set css=%css%,SERVER_TRUST_ACCOUNT&set /a uac=%uac% - 8192 if %uac% GEQ 4096 set css=%css%,WORKSTATION_TRUST_ACCOUNT&set /a uac=%uac% - 4096 if %uac% GEQ 2048 set css=%css%,INTERDOMAIN_TRUST_ACCOUNT&set /a uac=%uac% - 2048 if %uac% GEQ 1024 set css=%css%,UNKNOWN&set /a uac=%uac% - 1024 if %uac% GEQ 512 set css=%css%,NORMAL_ACCOUNT&set /a uac=%uac% - 512 if %uac% GEQ 256 set css=%css%,TEMP_DUPLICATE_ACCOUNT&set /a uac=%uac% - 256 if %uac% GEQ 128 set css=%css%,UNKNOWN&set /a uac=%uac% - 128 if %uac% GEQ 64 set css=%css%,PASSWD_CANT_CHANGE&set /a uac=%uac% - 64 if %uac% GEQ 32 set css=%css%,PASSWD_NOTREQD&set /a uac=%uac% - 32 if %uac% GEQ 16 set css=%css%,LOCKOUT&set /a uac=%uac% - 16 if %uac% GEQ 8 set css=%css%,HOMEDIR_REQUIRED&set /a uac=%uac% - 8 if %uac% GEQ 4 set css=%css%,UNKNOWN&set /a uac=%uac% - 4 if %uac% GEQ 2 set css=%css%,ACCOUNTDISABLE&set /a uac=%uac% - 2 if %uac% GEQ 1 set css=%css%,SCRIPT&set /a uac=%uac% - 1 if %uac% NEQ 0 set css=%css%,UNKNOWN endlocal&set %2=%css:~1%NOTE: See How do I use the UserAccountControl flags to manipulate user account properties?
0 comments
Hide comments