62,041
社区成员
发帖
与我相关
我的任务
分享关于active directory编程,高手求助,小弟不行了
msdn上说useraccountcontrol中的值:账户正常是512(十进制),如果是被锁定的话,应该是512+16(十六进制的10),可我用程序或者csvde读出数值都是512?为什么啊!!!!
...全文
请发表友善的回复…
发表回复
liuyong82 2004-10-03
- 打赏
- 举报
To cancersyf(fengzhimei)大哥,那个adsiedit是不是可以从光盘中Support\Tools下安装的,谢谢你的提议,以后多交流:dlyhu@vip.sina.com
我是想通过,net的System.DirectoryService来读取域中所有帐户被锁定的用户,并自动解锁。
我是想通过,net的System.DirectoryService来读取域中所有帐户被锁定的用户,并自动解锁。
liuyong82 2004-10-03
- 打赏
- 举报
谢谢大家的积极回复,祝国庆快乐。
nishengqiang04 2004-10-01
- 打赏
- 举报
up
cancersyf 2004-10-01
- 打赏
- 举报
有些时候属性值确实和MSDN说的不一样,我在实际的项目中也遇到过这样的问题,推荐一个工具给你使用,叫adsiedit,你可以通过他来查看一些属性值,也可以和我交流:cancersyf@hotmail.com
真相重于对错 2004-09-30
- 打赏
- 举报
如果不急,11过后给你答案(手头没有资料)
IT_Fish 2004-09-30
- 打赏
- 举报
高深的东西,还没涉及过,友情顶一下吧~~~~
zhouats2000 2004-09-30
- 打赏
- 举报
study
liuyong82 2004-09-29
- 打赏
- 举报
分不够,我继续加,我巴msdn关于useraccountcontrol的说明贴在下面
User-Account-Control
Flags that control the behavior of the user account.
CN User-Account-Control
Ldap-Display-Name userAccountControl
Size 4 bytes.
Update Privilege This value is set by the system.
Update Frequency Each time the account policy changes.
Attribute-Id 1.2.840.113556.1.4.8
System-Id-Guid bf967a68-0de6-11d0-a285-00aa003049e2
Syntax Enumeration
Implementations
Windows 2000 Server
Windows Server 2003
Windows 2000 Server Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User
Windows Server 2003 Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User
Remarks
This attribute value can be zero or a combination of one or more of the following values. Hexadecimal Value Description
0x00000001 The logon script is executed.
0x00000002 The user account is disabled.
0x00000008 The home directory is required.
0x00000010 The account is currently locked out.
0x00000020 No password is required.
0x00000040 The user cannot change the password.
0x00000080 The user can send an encrypted password.
0x00000100 This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.
0x00000200 This is a default account type that represents a typical user.
0x00000800 This is a permit to trust account for a system domain that trusts other domains.
0x00001000 This is a computer account for a computer that is a member of this domain.
0x00002000 This is a computer account for a system backup domain controller that is a member of this domain.
0x00004000 Not used.
0x00008000 Not used.
0x00010000 The password for this account will never expire.
0x00020000 This is an MNS logon account.
0x00040000 The user must log on using a smart card.
0x00080000 The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
0x00100000 The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
0x00200000 Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
0x00400000 This account does not require Kerberos preauthentication for logon.
0x00800000 The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
0x01000000 The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
User-Account-Control
Flags that control the behavior of the user account.
CN User-Account-Control
Ldap-Display-Name userAccountControl
Size 4 bytes.
Update Privilege This value is set by the system.
Update Frequency Each time the account policy changes.
Attribute-Id 1.2.840.113556.1.4.8
System-Id-Guid bf967a68-0de6-11d0-a285-00aa003049e2
Syntax Enumeration
Implementations
Windows 2000 Server
Windows Server 2003
Windows 2000 Server Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User
Windows Server 2003 Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User
Remarks
This attribute value can be zero or a combination of one or more of the following values. Hexadecimal Value Description
0x00000001 The logon script is executed.
0x00000002 The user account is disabled.
0x00000008 The home directory is required.
0x00000010 The account is currently locked out.
0x00000020 No password is required.
0x00000040 The user cannot change the password.
0x00000080 The user can send an encrypted password.
0x00000100 This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.
0x00000200 This is a default account type that represents a typical user.
0x00000800 This is a permit to trust account for a system domain that trusts other domains.
0x00001000 This is a computer account for a computer that is a member of this domain.
0x00002000 This is a computer account for a system backup domain controller that is a member of this domain.
0x00004000 Not used.
0x00008000 Not used.
0x00010000 The password for this account will never expire.
0x00020000 This is an MNS logon account.
0x00040000 The user must log on using a smart card.
0x00080000 The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
0x00100000 The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
0x00200000 Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
0x00400000 This account does not require Kerberos preauthentication for logon.
0x00800000 The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
0x01000000 The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
jasonboy 2004-09-29
- 打赏
- 举报
不懂,只能帮你up了
liuyong82 2004-09-29
- 打赏
- 举报
大家帮忙啊,兄弟已经不行了。
luckweb 2004-09-29
- 打赏
- 举报
顶一下
头发不能乱 2004-09-29
- 打赏
- 举报
不懂也应有分,顶
dhrubber 2004-09-29
- 打赏
- 举报
up
