Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
The LDAP provider can read the value of the userAccountControl attribute to determine:
- Whether a password is required.
- Whether the Password never expires option is enabled or disabled.
- Whether the Store password using reversible encryption option is enabled or disabled.
Scripting Steps
Listing 7.4 contains a script that displays the state of password flags in the userAccountControl attribute and the pwdLastSet attribute of a user account. To carry out this task, the script performs the following steps:
- Create a Dictionary object to hold the value of the flags directly available from the userAccountControl attribute.
- Define the name and the value of each flag in the Dictionary object.
- Bind to the user account object by using the GetObject function and the LDAP provider.
- Create the intUAC variable, and initialize it to the integer value of the userAccountControl attribute.
- Create a loop, and use the bitwise AND operator to evaluate each flag value against the value of the userAccountControl attribute.
- Display each flag name and whether it is enabled or disabled.
Listing 7.4 Displaying Password Attributes Available from the LDAP Provider and the userAccountControl Attribute
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
| Set objHash = CreateObject( "Scripting.Dictionary ") objHash.Add "ADS_UF_PASSWD_NOTREQD ", &h00020 objHash.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED ", &h0080 objHash.Add "ADS_UF_DONT_EXPIRE_PASSWD ", &h10000 Set objUser = GetObject _ ( "LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com ") intUAC = objUser.Get( "userAccountControl ") For Each Key In objHash.Keys If objHash(Key) And intUAC Then Wscript.Echo Key & " is enabled " Else Wscript.Echo Key & " is disabled " End If Next |
Send us your feedback | « Previous | Next » |