Setting User Account Flags

  • Article

This topic contains code examples that set various user flags. It uses the Properties property of the DirectoryEntry object to access the User-Account-Control attribute to set flags that are defined in the ADS_USER_FLAG_ENUM enumeration. For more information about the User-Account-Control attribute, see the topic User-Account-Control in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252. For more information about the ADS_USER_FLAG_ENUM enumeration, see the topic ADS_USER_FLAG_ENUM in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.

The following examples demonstrate how to set various properties of the DirectoryEntry object usr. Since this code accesses objects in the System.DirectoryServices namespace, add a reference to the System.DirectoryServices namespace in Solution Explorer when using this code in an application.

The following examples show how to require that a SmartCard be used for an interactive logon.

[Visual Basic]

Const ADS_UF_SMARTCARD_REQUIRED As Integer = &H40000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
      ADS_UF_SMARTCARD_REQUIRED
usr.CommitChanges()

const int ADS_UF_SMARTCARD_REQUIRED = 0x40000;
val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
    ADS_UF_SMARTCARD_REQUIRED;
usr.CommitChanges();

The following examples show how to set the account to use a DES encryption type.

[Visual Basic]

Const ADS_UF_USE_DES_KEY_ONLY As Integer = &H200000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
      ADS_UF_USE_DES_KEY_ONLY
usr.CommitChanges()

const int ADS_UF_USE_DES_KEY_ONLY=0x200000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
    ADS_UF_USE_DES_KEY_ONLY;
usr.CommitChanges();

The following examples show how to set the account so that it is trusted for delegation.

[Visual Basic]

Const ADS_UF_TRUSTED_FOR_DELEGATION As Integer = &H80000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
      ADS_UF_TRUSTED_FOR_DELEGATION
usr.CommitChanges()

const int ADS_UF_TRUSTED_FOR_DELEGATION =0x80000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
    ADS_UF_TRUSTED_FOR_DELEGATION;
usr.CommitChanges();

The following examples show how to show that the account is sensitive and cannot be used for delegation.

[Visual Basic]

Const ADS_UF_NOT_DELEGATED As Integer = &H100000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
      ADS_UF_NOT_DELEGATED
usr.CommitChanges()

const int ADS_UF_NOT_DELEGATED=0x100000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
    ADS_UF_NOT_DELEGATED;
usr.CommitChanges();

The following code examples show how to set the account so that it does not require Kerberos pre-authentication.

[Visual Basic]

Const ADS_UF_DONT_REQUIRE_PREAUTH As Integer = &H400000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
      ADS_UF_DONT_REQUIRE_PREAUTH
usr.CommitChanges()

const int ADS_UF_DONT_REQUIRE_PREAUTH=0x400000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
    ADS_UF_DONT_REQUIRE_PREAUTH;
usr.CommitChanges();

See Also

Reference

System.DirectoryServices
DirectoryEntry

Concepts

User Management

Send comments about this topic to Microsoft.

Copyright © 2007 by Microsoft Corporation. All rights reserved.