On Wed, Dec 28, 2011 at 3:54 PM, Michael B. Smith <[email protected]> wrote:
> A PropertyValueCollection has to be changed to an Int32. For a singleton like
> userAccountControl, it will typically be something like:
>
> $uac = $user.Properties.userAccountControl.Item( 0 )
That didn't work for me ...
PS Z:\PHA Scripts> .\FindUser.PS1
Method invocation failed because
[System.DirectoryServices.DirectoryEntry] doesn't contain a method
named 'userAccountControl'.
At Z:\PHA Scripts\FindUser.PS1:22 char:33
+ $uac = $User.userAccountControl <<<< (0)
+ CategoryInfo : InvalidOperation:
(userAccountControl:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
-------------------------
Doing this, did work:
$uac = $User.userAccountControl[0]
(note square brackets, not parens.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
>
> -----Original Message-----
> From: Michael Leone [mailto:[email protected]]
> Sent: Wednesday, December 28, 2011 3:18 PM
> To: NT System Admin Issues
> Subject: Re: Deciphering "UserAccountControl" using PowerShell
>
> On Wed, Dec 28, 2011 at 2:44 PM, Ben Scott <[email protected]> wrote:
>
>> Do a bitwise AND between the candidate user's value and ACCOUNT_DISABLED.
>>
>> I'm only on page 143 of "PowerShell in Action", and haven't gotten
>> to bitwise operators yet, but Google results suggest this should work:
>>
>> if ($user.UserAccountControl -band $ACCOUNT_DISABLED) { ...
>
> Not working for me ... here's the script, and if fails on that IF ...
>
> $ADS_UF_ACCOUNTDISABLED = 0x00002
> $ADS_UF_NORMAL_ACCOUNT = 0x00200
> $UserToFind = "leonem"
> $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
> $Search.filter = "(&(objectClass=user)(sAMAccountName=$UserToFind))"
> $SearchResults=$Search.FindAll()
>
> ForEach ($Result in $SearchResults) {
> $User=$Result.GetDirectoryEntry()
> $User.givenName
> if ($User.userAccountControl -band $ADS_UF_NORMAL_ACCOUNT )
> {
> Write-Host "Normal user"
> }
> else
> {
> Write-Host "Abnormal user"
> }
> }
>
> PS Z:\PHA Scripts> .\FindUser.PS1
> Michael
> The '-band' operator failed: Cannot convert the
> "System.DirectoryServices.PropertyValueCollection" value of type
> "System.DirectoryServices.PropertyValueCollection" to type
> "System.Int32"..
> At Z:\PHA Scripts\FindUser.PS1:11 char:36
> + if ($User.userAccountControl -band <<<< $ADS_UF_NORMAL_ACCOUNT )
> + CategoryInfo : InvalidOperation: (:) [], RuntimeException
> + FullyQualifiedErrorId : OperatorFailed
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
