RE: UserAccountControl Attribute
- From: Dixson <Dixson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 Dec 2008 17:11:01 -0800
Thanks for the input, fellas. As we continued to dig into this, what we've
found is all the user accounts that are found by the query have a count of 6
_hashtable entries...the accounts we're having issues with only have 4. The
AD attributes 'MEMBEROF' and 'userACCOUNTCONTROL' are not found or included
in the _hashtable results, so when masked with the bit for NORMAL_ACCOUNT the
results become false.
I believe the query is written in ASP.net...I'm not the developer but just
the guy trying to get everyone to show on the list.
I believe this is the query:
string[] Parameters = { "samaccountname", "cn", "mail", "memberof",
                        "useraccountcontrol" };
try
{
    DirectoryEntry entry = new DirectoryEntry("LDAP://" +
        AdDomain, AdAccount, AdPassword);
    DirectorySearcher Searcher = new DirectorySearcher(entry);
    Searcher.Filter = "(objectCategory=" + "user" + ")";
    foreach (string parameter in Parameters)
    {
        Searcher.PropertiesToLoad.Add(parameter);
    }
    Searcher.Sort.PropertyName = "cn";
    XmlElement RowsNode =
        (XmlElement)UsersDoc.DocumentElement.SelectSingleNode("Rows");
    foreach (SearchResult result in Searcher.FindAll())
    {
        DirectoryEntry Entry = result.GetDirectoryEntry();
        ResultPropertyCollection PropColl = result.Properties;
        string AccountName = null;
        string CommonName = null;
        string EmailAddress = null;
        // Both flags stay false when useraccountcontrol is not among the returned properties.
        bool NORMAL_ACCOUNT = false;
        bool ACCOUNTDISABLE = false;
        Int32 AccountControl = 0;
        foreach (string Key in PropColl.PropertyNames)
        {
            if (Key == "samaccountname")
            {
                AccountName = PropColl[Key][0].ToString();
            }
            if (Key == "cn")
            {
                CommonName = PropColl[Key][0].ToString();
            }
            if (Key == "mail")
            {
                EmailAddress = PropColl[Key][0].ToString();
            }
            if (Key == "useraccountcontrol")
            {
                //http://support.microsoft.com/kb/305144
                AccountControl = (Int32)PropColl[Key][0];
                NORMAL_ACCOUNT = ((AccountControl & 0x00000200) != 0);
                ACCOUNTDISABLE = ((AccountControl & 0x00000002) != 0);
"Dixson" wrote:
We have a custom application that uses an LDAP query against AD (2000 native)
to provide a list of all active user accounts, but the results of the query
are missing a handful of active user accounts. From what I've been able to
find, all the user accounts in question are not flagged as NORMAL_ACCOUNT
(hex=0x0200, dec=512), but when I've checked the properties of each account
in AD there's nothing different from the accounts that appear from the query.
Can ldp.exe or adsiedit.msc help find what may be different about the user
accounts in question? If so, is there a good "for dummies" on how to use
these tools?
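The failure described in this post, where an entry whose results lack userAccountControl ends up with NORMAL_ACCOUNT false, shown as an added example that is not part of the original post or the application's code. The UacTriage class, its Classify and Entry methods, the result labels and the sample entries are all constructed for illustration, and a Dictionary stands in for SearchResult.Properties so the block runs without a directory.

```csharp
using System;
using System.Collections.Generic;

static class UacTriage   // hypothetical helper, not from the post
{
    // Bit values as used in the posted code (KB 305144).
    const int ACCOUNTDISABLE = 0x0002;
    const int NORMAL_ACCOUNT = 0x0200;

    // Separates "attribute was not returned" from "flag is clear", which the
    // posted loop cannot do because its booleans default to false.
    public static string Classify(IDictionary<string, object[]> props)
    {
        object[] v;
        if (!props.TryGetValue("useraccountcontrol", out v) || v.Length == 0)
            return "ATTRIBUTE_NOT_RETURNED";
        int uac = Convert.ToInt32(v[0]);
        if ((uac & NORMAL_ACCOUNT) == 0) return "NOT_NORMAL_ACCOUNT";
        if ((uac & ACCOUNTDISABLE) != 0) return "DISABLED";
        return "ACTIVE";
    }

    // Builds a constructed result: 6 keys when uac is given, 4 when it is null
    // (memberof and useraccountcontrol absent, as the post describes).
    static Dictionary<string, object[]> Entry(string name, object uac)
    {
        var p = new Dictionary<string, object[]> {
            { "adspath", new object[] { "LDAP://CN=" + name + ",DC=example,DC=test" } },
            { "samaccountname", new object[] { name } },
            { "cn", new object[] { name } },
            { "mail", new object[] { name + "@example.test" } }
        };
        if (uac != null)
        {
            p["memberof"] = new object[] { "CN=Staff,DC=example,DC=test" };
            p["useraccountcontrol"] = new object[] { uac };
        }
        return p;
    }

    static void Main()
    {
        // Constructed sample values: 512 = NORMAL_ACCOUNT, 514 = 512 + ACCOUNTDISABLE,
        // 4096 = NORMAL_ACCOUNT bit clear, null = attribute missing from the result.
        var samples = new[] { Entry("alice", 512), Entry("bob", 514),
                              Entry("carol", 4096), Entry("dave", null) };
        foreach (var p in samples)
            Console.WriteLine("{0,-6} keys={1} -> {2}", p["cn"][0], p.Count, Classify(p));
    }
}
```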