You might be over-engineering the solution. :)
Try this to get a list of disabled users: Get-ADUser -Filter {enabled -eq
$false}
DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE
-----Original Message-----
From: Michael Leone [mailto:[email protected]]
Sent: Wednesday, December 28, 2011 2:01 PM
To: NT System Admin Issues
Subject: Deciphering "UserAccountControl" using PowerShell
So I know that the AD attribute "UserAccountControl" is the sum of the values
of 21 different values (i.e., so a value of 546 = 2+32+512, which is composed
of the sum of the constants ACCOUNT_DISABLED, PASSWORD_NOT_REQUIRED, and
NORMAL_ACCOUNT). But how do I break that down in Powershell? For example, I
want to do certain actions if a normal user account is disabled. However, I
can't just check for a value of 514 (2+512), since - like this example - the
value may be different, even tho this is an account I want to process. So how
do I go about testing for ACCOUNT_DISABLED within the total value of
"UserAccountControl"?
(in my case, I am planning to examine user home folders, and anyone who is
disabled, move them to a different holding folder. In our case, the user login
is used as the name of the folder, so I just need to match the folder name with
the "sAMAccountName" in AD)
Thanks
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
