On Wed, Dec 28, 2011 at 2:01 PM, Michael Leone <[email protected]> wrote:
> So I know that the AD attribute "UserAccountControl" is the sum of the
> values of 21 different values (i.e., so a value of 546 = 2+32+512,
> which is composed of the sum of the constants ACCOUNT_DISABLED,
> PASSWORD_NOT_REQUIRED, and NORMAL_ACCOUNT).
Actually, it's a field of bit flags. Each flag is a bit at some
position in machine storage (memory). Because computers also store
numbers in binary, this is functionally equivalent to adding multiples
of 2, but one should understand the "why?". If nothing else, it shows
the way to the solution.
> So how do I go about testing for ACCOUNT_DISABLED within the
> total value of "UserAccountControl"?
Do a bitwise AND between the candidate user's value and ACCOUNT_DISABLED.
I'm only on page 143 of "PowerShell in Action", and haven't gotten
to bitwise operators yet, but Google results suggest this should work:
if ($user.UserAccountControl -band $ACCOUNT_DISABLED) { ...
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
