 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Languages / C# / June 2007Enable/Disable local active directory account from code?
This MSDN article http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx and this codeproject article http://www.codeproject.com/useritems/everythingInAD.asp both show the same c# code for enabling and disabling active directory accounts. I'm trying to do that to a local user account and it's not working the "userAccountControl" Property is null on my user. this code fales because that property doesn't exist on my local user DirectoryEntry user = new DirectoryEntry(member); val = (int)user.Properties["userAccountControl"].Value; the user I'm trying to do this to is not a domain user, the account is local to the machine. any ideas? thanks mike PS I looped through the properties of my user and saw these; "UserFlags" "MaxStorage" "PasswordAge" "PasswordExpired" "LoginHours" "FullName" "Description" "BadPasswordAttempts" "LastLogin" "HomeDirectory" "LoginScript" "Profile" "HomeDirDrive" "Parameters" "PrimaryGroupID" "Name" "MinPasswordLength" "MaxPasswordAge" "MinPasswordAge" "PasswordHistoryLength" "AutoUnlockInterval" "LockoutObservationInterval" "MaxBadPasswordsAllowed" "RasPermissions" "objectSid" Try this: // Set the 2nd bit user.Properties["UserFlags"].Value = ((int)user.Properties["UserFlags"].Value) | 2; > This MSDN article > http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx [quoted text clipped - 46 lines] > "RasPermissions" > "objectSid" > This MSDN article > http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx [quoted text clipped - 45 lines] > "RasPermissions" > "objectSid" "UserFlags" is what you need to look at. ... const int UF_ACCOUNTDISABLE = 0x0002; string userName = "someoneIdontLike"; using(DirectoryEntry comp = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")) { using(DirectoryEntry NewUser = comp.Children.Find(userName, "user")) { NewUser.Properties["UserFlags"].Value = ((int)NewUser.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE; NewUser.CommitChanges(); } } Note that here I'm only resetting the UF_ACCOUNTDISABLE bit, while I'm preserving the other bits! Search MSDN for the other possible bits in this property. Willy. For a start there is no such thing as a local AD account. It is a SAM account, so the ADSI scripting wont work. You need this code: strComputer = "atl-ws-01" Set objUser = GetObject("WinNT://" & strComputer & "/Guest") objUser.AccountDisabled = True objUser.SetInfo From here: http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true > This MSDN article > http://msdn2.microsoft.com/en-us/library/ms180913(vs.80).aspx [quoted text clipped - 45 lines] > "RasPermissions" > "objectSid" Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.