Displaying Password Attributes Accessible from userAccountControl
Microsoft® Windows® 2000 Scripting Guide
The LDAP provider can read the value of the userAccountControl attribute to determine:
Whether a password is required.
Whether the Password never expires option is enabled or disabled.
Whether the Store password using reversible encryption option is enabled or disabled.
Scripting Steps
Listing 7.4 contains a script that displays the state of password flags in the userAccountControl attribute and the pwdLastSet attribute of a user account. To carry out this task, the script performs the following steps:
1. Create a Dictionary object to hold the value of the flags directly available from the userAccountControl attribute.
2. Define the name and the value of each flag in the Dictionary object.
3. Bind to the user account object by using the GetObject function and the LDAP provider.
4. Create the intUAC variable, and initialize it to the integer value of the userAccountControl attribute.
5. Create a loop, and use the bitwise AND operator to evaluate each flag value against the value of the userAccountControl attribute.
6. Display each flag name and whether it is enabled or disabled.
Listing 7.4 Displaying Password Attributes Available from the LDAP Provider and the userAccountControl Attribute
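A script that follows the steps above, added here as an example; it is not the guide's own Listing 7.4. The distinguished name is a placeholder, and every variable name other than intUAC is an assumption. The flag values are the ADS_USER_FLAG_ENUM constants defined by ADSI.

```vbscript
Option Explicit

Dim objFlags, objUser, intUAC, strFlag

' Steps 1 and 2: map each password-related flag name to its bit value.
Set objFlags = CreateObject("Scripting.Dictionary")
objFlags.Add "Password not required (ADS_UF_PASSWD_NOTREQD)", &H0020
objFlags.Add "Store password using reversible encryption " & _
    "(ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)", &H0080
objFlags.Add "Password never expires (ADS_UF_DONT_EXPIRE_PASSWD)", &H10000

' Placeholder distinguished name (assumption): replace with a real account.
Const USER_DN = "CN=ExampleUser,OU=ExampleOU,DC=example,DC=com"

' Step 3: bind to the user object through the LDAP provider.
Set objUser = GetObject("LDAP://" & USER_DN)

' Step 4: read userAccountControl as an integer bit mask.
intUAC = CLng(objUser.Get("userAccountControl"))

' Steps 5 and 6: a flag is set when the bitwise AND of the mask and the
' flag value is nonzero.
For Each strFlag In objFlags.Keys
    If (intUAC And objFlags(strFlag)) <> 0 Then
        WScript.Echo strFlag & ": enabled"
    Else
        WScript.Echo strFlag & ": disabled"
    End If
Next
```

Run it with cscript.exe from a computer joined to the domain. An account that reports "Password not required" or "Store password using reversible encryption" as enabled is a candidate for review.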