All geek questions in one place

I (think) I want to use the BItWise Operator to check the useraccountcontrol property!

Here is the code:

        DirectorySearcher searcher = new DirectorySearcher();
        searcher.Filter =  "(&(objectClass=user)(sAMAccountName=" + lstUsers.SelectedItem.Text + "))";
        SearchResult result = searcher.FindOne();

Inside result.Properties ["useraccountcontrol"] there will be an element that will give me a value depending on the state of the account. For example, a value of 66050 means that I am dealing with: Regular accounting; where the password does not expire and it is disabled. The explanation is here .

What is the most concise way to find out if my value contains the "AccountDisable flag (which is 2)

Thanks in advance!

+3
source share
5 answers
Convert.ToBoolean((int)result.Properties["useraccountcontrol"] & 0x0002)

Translated from the current code base here, it should work ...

+5
source 
enum AccountFlags
{
    Script = (1<<0),
    AccountDisable = (1<<1),
    // etc...
}

if( ((int)result.Properties["useraccountcontrol"]) & AccountFlags.AccountDisable > 0 )
{
    // Account is Disabled...
}
+4
source 
UserAccountControlFlags userAccFlags = (UserAccountControlFlags) 66050;

// Much more readable    
if(userAccFlags.Has(UserAccountControlFlags.AccountDisabled))
{
   // Do your stuff here
}

:

public static bool Has<T>(this System.Enum type, T value) where T : struct 
{
    return ((int)(object)type & (int)(object)value) > 0;
}

enum, # Online

[Flags]
public enum UserAccountControlFlags
{ 
  Script                             = 0x1,
  AccountDisabled                    = 0x2,
  HomeDirectoryRequired              = 0x8,
  AccountLockedOut                   = 0x10,
  PasswordNotRequired                = 0x20,
  PasswordCannotChange               = 0x40,
  EncryptedTextPasswordAllowed       = 0x80,
  TempDuplicateAccount               = 0x100,
  NormalAccount                      = 0x200,
  InterDomainTrustAccount            = 0x800,
  WorkstationTrustAccount            = 0x1000,
  ServerTrustAccount                 = 0x2000,
  PasswordDoesNotExpire              = 0x10000,
  MnsLogonAccount                    = 0x20000,
  SmartCardRequired                  = 0x40000,
  TrustedForDelegation               = 0x80000,
  AccountNotDelegated                = 0x100000,
  UseDesKeyOnly                      = 0x200000,
  DontRequirePreauth                 = 0x400000,
  PasswordExpired                    = 0x800000,
  TrustedToAuthenticateForDelegation = 0x1000000,
  NoAuthDataRequired                 = 0x2000000
}
+3

Active Directory # ().

&:

if( ( result & ACCOUNTDISABLE ) == ACCOUNTDISABLE )
{ .... }

ACCOUNTDISABLE const ( ). . [Flags] -attribute.
, , , . ACCOUNTDISABLE , const.

+2

ActiveDirectory / :

searcher.Filter =  "(&(objectClass=user)(UserAccountControl:1.2.840.113556.1.4.803:=2))";


searcher.Filter =  "(&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))";

Related MS KB article: http://support.microsoft.com/kb/269181

And another article: http://www.windowsserverfaq.org/?url=/faq/ADQueries/LDAP-Queries.asp

+1
source

Source: https://habr.com/ru/post/1737184/

More articles:


All Articles