如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT?
[英]How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?
问题描述
我正在尝试使用PowerShell命令设置WORKSTATION_TRUST_ACCOUNT (0x1000)标志
https://support.microsoft.com/en-us/kb/305144
我搜索,发现Set-ADAccountControl命令.. https://technet.microsoft.com/en-us/library/ee617249.aspx
但是在MSDN中,没有写如何设置0x1000 。
如何使用PowerShell命令设置WORKSTATION_TRUST_ACCOUNT标志?
它们具有以下标志:
AccountNotDelegated
AllowReversiblePasswordEncryption
AuthType
CannotChangePassword
Credential
DoesNotRequirePreAuth
Enabled
HomedirRequired
MNSLogonAccount
Partition
PassThru
PasswordNeverExpires
PasswordNotRequired
Server
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
Confirm
WhatIf
编辑:
C# code
following is my C# code which is throwing error access denied.
const int iFlag = 0x1000;
string sCommonName = "CN=" + sMachineName;
DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer");
deComputer.Properties["sAMAccountName"].Value = sMachineName + "$";
deComputer.CommitChanges();
deComputer.Properties["userAccountControl"].Value = iFlag;
deComputer.CommitChanges(); // access denied exception.
1 个解决方案
解决方案1
1 2015-12-11 06:03:08
这是另一种方法:
$accountName = "userLogin"
$adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null
$adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))"
$adsiSearcherResult = $adsiSearcher.FindOne()
$user = $adsiSearcherResult.GetDirectoryEntry()
if(($user.UserAccountControl[0] -band 4096) -ne 0) {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName"
} else {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName"
# Add the useraccountdisabled flag (decimal value 4096)
$user.userAccountControl[0] += 4096
# Save the new value in the user object
$user.SetInfo()
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName"
}
来源: https : //knowledge.zomers.eu/PowerShell/Pages/How-to-control-UserAccountControl-Active-Directory-flags-with-PowerShell.aspx
如果用户帐户标题更改,则使用PowerShell修改Active Directory组成员身份
[英]Modify Active Directory group membership with powershell if title of user account changes
如何创建Powershell脚本来提取活动目录用户名,帐户用户名和lastlogondate?
[英]How do I create a powershell script to pull active directory usernames, account they are a member of and lastlogondate?
PowerShell - 使用Microsoft帐户连接到Azure Active Directory
[英]PowerShell - Connecting to Azure Active Directory using Microsoft Account
如何设置组策略以使用 Powershell 在 Active Directory 中的每个用户上设置登录脚本?
[英]How to setup a group policy to set a logon script on every user in Active Directory using Powershell?
如何使用PowerShell 2.0在其他域上解锁Active Directory帐户?
[英]How do you unlock an Active Directory account on a different domain using PowerShell 2.0?
Powershell GUI /表单-不创建Active Directory帐户
[英]Powershell GUI / Forms - Not creating Active Directory account
如何在Active Directory用户帐户上检测重命名或移动操作?
[英]How to detect rename or move operation on Active Directory user account?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
使用Powershell复制Active Directory用户帐户
使用其他用户帐户的Powershell脚本
如果用户帐户标题更改,则使用PowerShell修改Active Directory组成员身份
如何创建Powershell脚本来提取活动目录用户名,帐户用户名和lastlogondate?
PowerShell - 使用Microsoft帐户连接到Azure Active Directory
如何设置组策略以使用 Powershell 在 Active Directory 中的每个用户上设置登录脚本?
如何使用PowerShell 2.0在其他域上解锁Active Directory帐户?
变量的Powershell Active Directory帐户属性
Powershell GUI /表单-不创建Active Directory帐户
如何在Active Directory用户帐户上检测重命名或移动操作?
相关标签