Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: adsi properties password dsCreateObj
How do I set the password for the user?
Also, can I set such details as the settings for Terminal Server? Specifically the timeout for clearing "disconnected" sessions and timeout for disconnecting sessions that are idle?
I am running the script on a Win2000 server.
SUGGESTIONS:
To help me figure out which user properties did what; I made myself a script that gets the list of properties
and then gets the values for each property. I manually created a test user with the windows interface and
typed in values in most all the fields so I would recognize them in my script output.
When I have all the fields in a table as I plan to I can E-mail it to you to hopefully include it in the help file or
in a text file so it can save time for other users.
Also, techsupt and I figured out that "UserPrincpalname" is the property I needed to set to allow Win2000 users to logon. The example for dsCreateObj did not set this property. It only set the samAccountName which as I understand it, is just for the "Pre-Win2000" users.
Thank you for providing a helpful extender.
Enabling an user:
To enable a user account you need to use the dsGetProperty and dsSetProperty functions like this:
; Define a constant for readability. UF_ACCOUNTDISABLE = 2 ; Get the current value. nValue = dsGetProperty( sUserPath, "userAccountControl") ; Remove the "disable" bit. nValue = nValue ^ UF_ACCOUNTDISABLE ;the caret is a bitwise Exclusive OR (XOR) operator ; Reset the property. dsSetProperty(sUserPath, "userAccountControl", nValue)Below is a brief description of the property and some of the possible values. This information has been lifted from Microsoft's ADSI documentation.
Property: userAccountControl - userAccountControl property specifies flags that control password, lockout, disable/enable, script, and home directory behavior for the user. This property also contains a flag that indicates the account type of the object. The user object usually has the UF_NORMAL_ACCOUNT set. Values: UF_SCRIPT = 1 ( The logon script executed. This value must be set for LAN Manager 2.0 or Windows NT.) UF_ACCOUNTDISABLE = 2 (The user's account is disabled.) UF_HOMEDIR_REQUIRED = 8 (The home directory is required. This value is ignored in Windows NT and Windows 2000.) UF_PASSWD_NOTREQD = 32 (No password is required.) UF_PASSWD_CANT_CHANGE = 64 (The user cannot change the password.) UF_LOCKOUT = 16 (The account is currently locked out. This value can be cleared to unlock a previously locked account. This value cannot be used to lock a previously locked account.) UF_DONT_EXPIRE_PASSWD = 65536 (Represents the password, which should never expire on the account.)The following values describe the account type. Only one value can be set. You cannot change the account type.
UF_NORMAL_ACCOUNT = 512 (This is a default account type that represents a typical user) UF_TEMP_DUPLICATE_ACCOUNT = 256 (This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.) UF_WORKSTATION_TRUST_ACCOUNT = 4096 (This is a computer account for a Windows NT Workstation/Windows 2000 Professional or Windows NT Server/Windows 2000 Server that is a member of this domain.) UF_SERVER_TRUST_ACCOUNT = 8192 (This is a computer account for a Windows NT Backup Domain Controller that is a member of this domain.) UF_INTERDOMAIN_TRUST_ACCOUNT = 2048 (This is a permit to trust account for a Windows NT domain that trusts other domains.)Finally:
Article ID: W14516
Filename: How do I set the Password and Other Properties.txt
File Created: 2002:06:28:10:24:40
Last Updated: 2002:06:28:10:24:40