Re: Problems with the "User-Account-Control"-properties ! Help !

From: Jerold Schulman (Jerry_at_jsiinc.com)
Date: 08/09/04 

Date: Mon, 09 Aug 2004 15:47:36 -0400

I believe 544 means Normal Account and Password NOT Required, which may account
for this behavior.

On 9 Aug 2004 10:11:13 -0700, marc.schmidtmayer@gb.be (Schmidtmayer Marc) wrote:

>Hi all,
>
>I'm writing an application where I need to show the 'status' of users
>in AD.
>Now I'm having trouble with the flag "User must change password at
>next logon" for the "User-Account-Control"-property.
>
>The problem is that the 'value' of the "User-Account-Control"-property
>DOESN'T CHANGE whether the flag "User must change password at next
>logon" is checked or not.
>
>For example : In AD, my user has the flag "User must change password
>at next logon" checked and when I check the value of the
>"User-Account-Control"-property with ADSI-Edit ... it gives me 544 !!
>Then I uncheck the flag "User must change password at next logon" BUT
>THE VALUE DOESN'T change !!!!
>
>I can't get the 'right' value for this !!
>Other flags like "Account is disabled", etc ... do work !
>
>Here's an extract of my script :
>
>'*************************************************************************
> strFilter = "(&(objectclass=user)(objectcategory=person));"
> strAttrs = "name,userprincipalname,useraccountcontrol,adspath;"
> strScope = "subtree"
>
> Set objConn = CreateObject("ADODB.Connection")
> objConn.Provider = "ADsDSOObject"
> objConn.Open "Active Directory Provider"
>
> lPaths = UBound(as_paths())
> For lLoop = 1 To lPaths
>
> 'strBase = "<LDAP://" & as_paths(lLoop) & ">;"
> strBase = "<" & as_paths(lLoop) & ">;"
> Set objRS = objConn.Execute(strBase & strFilter & strAttrs &
>strScope)
>
> If Not objRS.EOF Then
> objRS.MoveFirst
> While Not objRS.EOF
>
> strUserNames(lTotalUsers) = objRS.Fields(0).Value
> strUserIDs(lTotalUsers) = objRS.Fields(1).Value
> lSetting = objRS.Fields(2).Value
> strtmp = "000"
> If (lSetting And ADS_UF_ACCOUNTDISABLE) =
>ADS_UF_ACCOUNTDISABLE Then Mid(strtmp, 1, 1) = "1"
> If (lSetting And ADS_UF_LOCKOUT) = ADS_UF_LOCKOUT Then
>Mid(strtmp, 2, 1) = "1"
> If (lSetting And ADS_UF_PWD_EXPIRED) =
>ADS_UF_PWD_EXPIRED Then Mid(strtmp, 3, 1) = "1"
> strAccountSettings(lTotalUsers) = strtmp
> strDNs(lTotalUsers) = objRS.Fields(3).Value
>
> objRS.MoveNext 'volgende
> Wend
> End If
>
> Next
>
>'*************************************************************************
>
>Any help is welcome !
>Thanks,
>Marc.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

Relevant Pages

  • Problems with the "User-Account-Control"-properties ! Help !
    ... Now I'm having trouble with the flag "User must change password at ... logon" is checked or not. ...
    (microsoft.public.win2000.active_directory)
  • Re: Password change on first logon
    ... Is there a Kerberos error code in the 675 event id? ... > set default passwords on the accounts for them to logon to the directory. ... When I set the "User must change password on ... > next logon" flag they can not change their passwords. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Change - Force change at next logon
    ... Does this mean that selecting the "user must change password at next logon" ... flag in AD is not supported with ISA? ...
    (microsoft.public.isa.enterprise)
  • Re: Reset password
    ... >reset it and then set the flag for the user to change password on next logon ...
    (microsoft.public.scripting.vbscript)
  • RE: No password expiration message/Cant change password
    ... Default Domain Policy: Local policies-security options: All that shows ... Policy: Network Security: Force logoff when logon hours expire. ... At first I get a Must Change Password notice, Click Change Password, get ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)