Microsoft® Windows® 2000 Scripting Guide
« Previous | Next »
To enable any of the flags directly available from the userAccountControl attribute (see Table 7.6), use the XOR bitwise operator. Listing 7.6 contains a script that demonstrates how to evaluate and set a password flag in the userAccountControl attribute.
Scripting Steps
Listing 7.6 contains a script that disables the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag using the XOR operator. To carry out this task, the script performs the following steps:
- Set a constant to the value of the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag in the userAccountControl attribute.
- Bind to the user account object by using the GetObject function and the LDAP provider.
- Create a variable, and initialize it to the integer value of the userAccountControl attribute.
- Use the bitwise AND operator to determine whether the flag is enabled.
- If the flag is enabled, use the XOR bitwise operator to disable it in the userAccountControl attribute of the user account object.
- Commit the change to the user account object in the local property cache to Active Directory.
Listing 7.6 Disabling a Password-Related Flag in userAccountControl
1 2 3 4 5 6 7 8 9 10 11 12
| Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80 Set objUser = GetObject _ ( "LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com ") intUAC = objUser.Get( "userAccountControl ") If intUAC AND _ ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Then objUser.Put "userAccountControl ", intUAC XOR _ ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED objUser.SetInfo End If |
Send us your feedback | « Previous | Next » |