Click to Rate and Give Feedback
MSDN
MSDN Library
Directory Services
Directories
Attributes
All Attributes
 ms-DS-User-Account-Control-Computed...
ms-DS-User-Account-Control-Computed Attribute

msDS-User-Account-Control-Computed is much like userAccountControl, but the attribute's value can contain additional bits that are not persisted. The computed bits include:

ValueName (defined in iads.h)Description
0x0010UF_LOCKOUT
0x800000UF_PASSWORD_EXPIRED
0x4000000UF_PARTIAL_SECRETS_ACCOUNT
0x8000000UF_USE_AES_KEYS

 

The full list of bits that User-Account-Control and therefore msDS-User-Account-Control-Computed can also contain can be found in the User-Account-Control reference page (mapped through the ADSI flagset) or on the network management reference pages for the user_info_1008 structure.
CNms-DS-User-Account-Control-Computed
Ldap-Display-NamemsDS-User-Account-Control-Computed
Size-
Update Privilege-
Update Frequency-
Attribute-Id1.2.840.113556.1.4.1460
System-Id-Guid2cc4b836-b63f-4940-8d23-ea7acf06af56
SyntaxEnumeration

Implementations

Windows Server 2003

Link-Id-
MAPI-Id-
System-OnlyFalse
Is-Single-ValuedTrue
Is IndexedFalse
In Global CatalogFalse
NT-Security-DescriptorO:BAG:BAD:S:
Range-Lower-
Range-Upper-
Search-Flags0x00000000
System-Flags0x00000014
Classes used inUser

ADAM

Link-Id-
MAPI-Id-
System-OnlyFalse
Is-Single-ValuedTrue
Is IndexedFalse
In Global CatalogFalse
NT-Security-DescriptorO:BAG:BAD:S:
Range-Lower-
Range-Upper-
Search-Flags0x00000000
System-Flags0x00000014
Classes used inms-DS-Bindable-Object

Windows Server 2003 R2

Link-Id-
MAPI-Id-
System-OnlyFalse
Is-Single-ValuedTrue
Is IndexedFalse
In Global CatalogFalse
NT-Security-DescriptorO:BAG:BAD:S:
Range-Lower-
Range-Upper-
Search-Flags0x00000000
System-Flags0x00000014
Classes used inUser

Windows Server 2008

Link-Id-
MAPI-Id-
System-OnlyFalse
Is-Single-ValuedTrue
Is IndexedFalse
In Global CatalogFalse
NT-Security-DescriptorO:BAG:BAD:S:
Range-Lower-
Range-Upper-
Search-Flags0x00000000
System-Flags0x00000014
Classes used inUser

Send comments about this topic to Microsoft

Build date: 7/7/2009

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Usage of msds-user-account-control-computed in LDAP code -- C#      Redgum   |   Edit   |   Show History
using System.DirectoryServices; // <-- Add a .NET reference to this namespace

string ExtLDAPQuery = "LDAP://my.ADInstance.Com/OU=OrgUnit,DC=My,DC=ADInstanc,DC=com";
string ExtLDAPUser = "MyUserID@my.ADInstance.Com";
string ExtLDAPPW = "MySuperSecurePassword";
string attrib = "msds-user-account-control-computed";
string temp = string.Empty;
// 0X0010 = 16 decimal
constint UF_LOCKOUT = 0x0010;

DirectoryEntry DE = new DirectoryEntry(ExtLDAPQuery, ExtLDAPUser, ExtLDAPPW, AuthenticationTypes.Secure);
DirectorySearcher DS = new DirectorySearcher(DE);
DE.Filter = "(&(objectcategory=person)(samaccountname=UsertoFind))";
SearchResult SR = DS.FindOne();

if (SR != null)
{
DirectoryEntry myDE = SR.GetDirectoryEntry();
//
// Iterate through the usual properties
//
foreach(string attrName in myDE.Properties.PropertyNames)
{
temp = myDE.Properties[attrName].Value.ToString();
//
// Do useful things with each attribute
//
}
//
// Now we can get the msds-user-account-control-computed attribute
// Note: If we attempt to do this prior to iterating through the usual
// list of properties, you'll get null for each property name
//

myDE.RefreshCache(newstring[]{attrib});
int flags = (int)user.Properties[attrib].Value;
if(((flags & UF_LOCKOUT) == UF_LOCKOUT))
{
// The user's account is locked out...
}

}



Processing
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement | Site Feedback
Page view tracker