ADS_USER_FLAG_ENUM
The ADS_USER_FLAG_ENUM enumeration defines the flags used for manipulating various user properties in the directory.
typedef enum{
ADS_UF_SCRIPT = 0X0001,
ADS_UF_ACCOUNTDISABLE = 0X0002,
ADS_UF_HOMEDIR_REQUIRED = 0X0003,
ADS_UF_LOCKOUT = 0X0010,
ADS_UF_PASSWD_NOTREQD = 0X0020,
ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
ADS_UF_NORMAL_ACCOUNT = 0X0200,
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0X1000,
ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
ADS_UF_SMARTCARD_REQUIRED = 0X40000,
ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
ADS_UF_NOT_DELEGATED = 0X100000
} ADS_USER_FLAG_ENUM
Elements
- ADS_UF_SCRIPT
- The logon script will be executed.
- ADS_UF_ACCOUNTDISABLE
- The user's account is disabled.
- ADS_UF_HOMEDIR_REQUIRED
- The home directory is required.
- ADS_UF_LOCKOUT
- The account is currently locked out.
- ADS_UF_PASSWD_NOTREQD
- No password is required.
- ADS_UF_PASSWD_CANT_CHANGE
- The user cannot change the password. You can read this flag but you cannot set it directly. For sample code that shows how to prevent a user from changing his or her password, see User Cannot Change Password.
- ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
- The user can send an encrypted password.
- ADS_UF_TEMP_DUPLICATE_ACCOUNT
- This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Sometimes it is referred to as a local user account.
- ADS_UF_NORMAL_ACCOUNT
- This is a default account type that represents a typical user.
- ADS_UF_INTERDOMAIN_TRUST_ACCOUNT
- This is a permit to trust account for a system domain that trusts other domains.
- ADS_UF_WORKSTATION_TRUST_ACCOUNT
- This is a computer account for a Windows NT® Workstation/Windows® 2000 Professional or Windows NT® Server/Windows® 2000 Server that is a member of this domain.
- ADS_UF_SERVER_TRUST_ACCOUNT
- This is a computer account for a system backup domain controller that is a member of this domain.
- ADS_UF_DONT_EXPIRE_PASSWD
- Represents the password, which should never expire on the account.
- ADS_UF_MNS_LOGON_ACCOUNT
- This is an MNS logon account.
- ADS_UF_SMARTCARD_REQUIRED
- When set, this flag will force the user to log on using smart card.
- ADS_UF_TRUSTED_FOR_DELEGATION
- When set, the service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.
- ADS_UF_NOT_DELEGATED
- When set, the security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
Remarks
For more information, see the "Managing Users" topic in the Active Directory Programmer's Guide.
Note Because VBScript cannot read information from a type library, VBScript applications do not understand the symbolic constants as defined above. You should use the numerical constants instead to set the appropriate flags in your VBScript applications. If you want to use the symbolic constants as a good programming practice, you should make explicit declarations of such constants, as done here, in your VBScript applications.
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.
See Also
ADSI Enumerations, Managing Users, NetUserGetInfo