Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: userAccountControl UserFlags dsSetProperty dsGetPropertyPASSWD_NOTREQD NORMAL_ACCOUNT
To do the search of all of them I will use
dsFindPath(sSearchPoint, sSearch)with the sSearch something like: "(&(objectCategory=user)(userAccountControl:%xxx%:=%qqq%))" but I don't know the value of xxx and qqq. (for example for the dont_expire_passord xxx=1.2.840.113556.1.4.803 and qqq = 65536)
The second step is to remove the PASSWD_NOTREQD, I can use the command NET USER /passworlreq:yes but I prefer to use
nUserFlags = dsGetProperty(sUserPath, "Userflags")and
dsSetProperty( sUserPath, "Userflags", nUserFlags)but I don't know what value that I need to set to nUserFlags to remove PASSWD_NOTREQD
Would you please give me some hints?
In particular, this is of interest:
ADS_UF_PASSWD_NOTREQD - 0x00000020, which is 32 in decimal, and ADS_UF_NORMAL_ACCOUNT - 0x00000200, which is 512 in decimal.
So, your LDAP search filter expression would contain a fragment that looks like this:
"(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=544))"
That fragment of the filter expression would find all objects with an object category value of "user" and an userAccountControl value that contains both the bit specified by a decimal value of 32 and the bit specified by the decimal value 512. Effectively, this is all normal user account objects that don't require a password.
After you obtain the value of the userAccountControl attribute for an object by calling dsGetProperty(), you can toggle the password not required bit off by doing the following:
nUserFlags = nUserFlags & (~32)
Finally, call dsSetProperty() to store the new value in that attribute on the same user object.
Article ID: W17535
Filename: Modify UserAccountControl Attribute.txt
File Created: 2011:08:11:07:48:58
Last Updated: 2011:08:11:07:48:58