How can I check whether a user account has certain user properties flags set.

A. In the FAQ "How can I check which users have the "Password never expires" flag set on their account?" at http://www.windowsitpro.com/Articles/ArticleID/48309/48309.html, I explained how to look at the userAccountControl attribute to check whether the "Password never expires" flag is set. This attribute also holds flags for other user property settings, which are detailed at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/ads_user_flag_enum.asp. You can therefore change the script that I used in that FAQ (and which you can download at http://www.windowsitpro.com/content/content/48310/nopwdexpiry.zip) by using ADS_UF values that correspond to other user properties. For example, to check whether users have an account setting that prohibits them from changing their password, you would change the line

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

to

Const ADS_UF_PASSWD_CANT_CHANGE = &H0040 

and line

if userFlag AND ADS_UF_DONT_EXPIRE_PASSWD then

to

if userFlag AND ADS_UF_PASSWD_CANT_CHANGE then