I was messing today with a small script to read the UserAccountControl flags of an Active Directory domain's user account base, and was tryng to find the correct values that are present there. I ultimately stumbled upon a KB article http://support.microsoft.com/kb/305144 which is brilliant.. The key info that I needed was below so I thought I would share it with you:
If you want to find this information out in your domain, you can use the saved query feature in Active Directory users and computers tool. This can be done as follows:
This can also be done via Visual Basic Scripting :
Set oNSP = GetObject("LDAP://Win2000Server/rootdse")Set oConfig = GetObject("LDAP://Win2000Server/" & oNSP.get("DefaultNamingContext"))Set oConn = CreateObject("ADODB.Connection")oConn.Provider = "ADSDSOObject"oConn.Open ""strQuery = "<" & oConfig.ADsPath & ">;(&(objectCategory=person)(objectClass=User)(userAccountControl:1.2.840.1135184.108.40.2063:=2));name,objectClass;subtree"Set oRS = oConn.Execute(strQuery)While Not oRS.EOF MsgBox oRS.Fields("name") oRS.MoveNextWendMsgBox "done"Set oConn = NothingSet oRS = NothingSet oConfig = NothingSet oNSP = Nothing
This script has been written by Microsoft on the following KB http://support.microsoft.com/?id=269181
There are also scripts in the TechNet ScriptCenter that can accomplish what you are trying to do. gallery.technet.microsoft.com/.../en-us
Good Info.. Thanks
I stumbled with this post just now, excellent BTW.
Paulo Marques (MSFT)
Easy way, no scripts.