By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,948 Members | 1,535 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,948 IT Pros & Developers. It's quick & easy.

Enable/Disable local active directory account from code?

P: n/a
This MSDN article
http://msdn2.microsoft.com/en-us/lib...13(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory"
"LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"
Jun 15 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Try this:

// Set the 2nd bit
user.Properties["UserFlags"].Value =
((int)user.Properties["UserFlags"].Value) | 2;
"Michael Howes" wrote:
This MSDN article
http://msdn2.microsoft.com/en-us/lib...13(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory"
"LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"
Jun 15 '07 #2

P: n/a
"Michael Howes" <mh****@xfortebio.comwrote in message
news:eU**************@TK2MSFTNGP03.phx.gbl...
This MSDN article
http://msdn2.microsoft.com/en-us/lib...13(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory" "LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"


"UserFlags" is what you need to look at.

...
const int UF_ACCOUNTDISABLE = 0x0002;
string userName = "someoneIdontLike";
using(DirectoryEntry comp = new DirectoryEntry("WinNT://" +
Environment.MachineName + ",computer"))
{
using(DirectoryEntry NewUser = comp.Children.Find(userName, "user"))
{
NewUser.Properties["UserFlags"].Value =
((int)NewUser.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE;
NewUser.CommitChanges();
}
}

Note that here I'm only resetting the UF_ACCOUNTDISABLE bit, while I'm
preserving the other bits!
Search MSDN for the other possible bits in this property.

Willy.

Jun 15 '07 #3

P: n/a
For a start there is no such thing as a local AD account. It is a SAM
account, so the ADSI scripting wont work. You need this code:

strComputer = "atl-ws-01"
Set objUser = GetObject("WinNT://" & strComputer & "/Guest")

objUser.AccountDisabled = True
objUser.SetInfo

From here:
http://www.microsoft.com/technet/scr....mspx?mfr=true

"Michael Howes" <mh****@xfortebio.comwrote in message
news:eU**************@TK2MSFTNGP03.phx.gbl...
This MSDN article
http://msdn2.microsoft.com/en-us/lib...13(vs.80).aspx

and this codeproject article
http://www.codeproject.com/useritems/everythingInAD.asp

both show the same c# code for enabling and disabling active directory
accounts.

I'm trying to do that to a local user account and it's not working
the "userAccountControl" Property is null on my user.

this code fales because that property doesn't exist on my local user

DirectoryEntry user = new DirectoryEntry(member);
val = (int)user.Properties["userAccountControl"].Value;

the user I'm trying to do this to is not a domain user, the account is
local to the machine.

any ideas?
thanks
mike

PS I looped through the properties of my user and saw these;
"UserFlags"
"MaxStorage"
"PasswordAge"
"PasswordExpired"
"LoginHours"
"FullName"
"Description"
"BadPasswordAttempts"
"LastLogin"
"HomeDirectory" "LoginScript"
"Profile"
"HomeDirDrive"
"Parameters"
"PrimaryGroupID"
"Name"
"MinPasswordLength"
"MaxPasswordAge"
"MinPasswordAge"
"PasswordHistoryLength"
"AutoUnlockInterval"
"LockoutObservationInterval"
"MaxBadPasswordsAllowed"
"RasPermissions"
"objectSid"
Jun 17 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.