[英]How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?
我正在尝试使用PowerShell命令设置WORKSTATION_TRUST_ACCOUNT
(0x1000)标志
https://support.microsoft.com/en-us/kb/305144
我搜索,发现Set-ADAccountControl
命令.. https://technet.microsoft.com/en-us/library/ee617249.aspx
但是在MSDN中,没有写如何设置0x1000
。
如何使用PowerShell命令设置WORKSTATION_TRUST_ACCOUNT
标志?
它们具有以下标志:
AccountNotDelegated
AllowReversiblePasswordEncryption
AuthType
CannotChangePassword
Credential
DoesNotRequirePreAuth
Enabled
HomedirRequired
MNSLogonAccount
Partition
PassThru
PasswordNeverExpires
PasswordNotRequired
Server
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
Confirm
WhatIf
编辑:
C# code
following is my C# code which is throwing error access denied.
const int iFlag = 0x1000;
string sCommonName = "CN=" + sMachineName;
DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer");
deComputer.Properties["sAMAccountName"].Value = sMachineName + "$";
deComputer.CommitChanges();
deComputer.Properties["userAccountControl"].Value = iFlag;
deComputer.CommitChanges(); // access denied exception.
这是另一种方法:
$accountName = "userLogin"
$adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null
$adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))"
$adsiSearcherResult = $adsiSearcher.FindOne()
$user = $adsiSearcherResult.GetDirectoryEntry()
if(($user.UserAccountControl[0] -band 4096) -ne 0) {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName"
} else {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName"
# Add the useraccountdisabled flag (decimal value 4096)
$user.userAccountControl[0] += 4096
# Save the new value in the user object
$user.SetInfo()
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName"
}
来源: https : //knowledge.zomers.eu/PowerShell/Pages/How-to-control-UserAccountControl-Active-Directory-flags-with-PowerShell.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.