Michael Freidgeim's Blog

Print UserAccountControl AD property programmatically.

Even there are a few standard AD Editors, including AD MMC, ADSIEdit, and LDM, I needed to read the UserAccountControl AD property from my application. UserAccountControl is a bit flags attribute,  so I had to create C# enum similar to C++ ADS_USER_FLAG_ENUM enum from MSDN.

Below is the code of functions GetUserAccountControl(DirectoryEntry anEntry) and
UserAccountControlToString(int? nUserAccountControl) :

        public static int? GetUserAccountControl(DirectoryEntry anEntry)

        {  //MNF 10/8/2005 if Properties["userAccountControl"] is not found ignore and return null

            int? val=null;

            if (null != anEntry)

            {

                PropertyCollection collProperties = anEntry.Properties;

                if ((null != collProperties) && (collProperties.Count > 0))

                {

                    object prop = anEntry.Properties["userAccountControl"];

                    if (null != prop && (prop is PropertyValueCollection))

                    {

                        object oVal = ((PropertyValueCollection)prop).Value;

////if property doesn't exist, than value is null See http://geekswithblogs.net/mnf/archive/2005/08/10/49754.aspx

                         val = (int?)oVal;

                    }

                }

            }

            Debug.Assert(val.HasValue , "anEntry.Properties[\"userAccountControl\"] not found");

            return val;

        }

        public static string UserAccountControlToString(int? nUserAccountControl) //, string sDelimeter)

        {

            if (!nUserAccountControl.HasValue )

            {

                return "UserAccountControl property wasn't loaded";

            }

            ADS_USER_FLAG_ENUM enUserAccountControl = (ADS_USER_FLAG_ENUM)nUserAccountControl;

            string sRet = enUserAccountControl.ToString();

            sRet=sRet.Replace("ADS_UF_",""); //remove the prefixes that looks redundunt

            return sRet;

        }

    }//class ADHepler

    //Alternatively you can use ActiveDs interop http://network.programming-in.net/articles/art14-2.asp?Interop=ActiveDs

    [Flags]

    public enum ADS_USER_FLAG_ENUM //http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/ads_user_flag_enum.asp

    {

            ADS_UF_SCRIPT = 0X0001,

            ADS_UF_ACCOUNTDISABLE = 0X0002,

            ADS_UF_HOMEDIR_REQUIRED = 0X0008,

            ADS_UF_LOCKOUT = 0X0010,

            ADS_UF_PASSWD_NOTREQD = 0X0020,

            ADS_UF_PASSWD_CANT_CHANGE = 0X0040,

            ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,

            ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,

            ADS_UF_NORMAL_ACCOUNT = 0X0200,

            ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,

            ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0X1000,

            ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,

            ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,

            ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,

            ADS_UF_SMARTCARD_REQUIRED = 0X40000,

            ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,

            ADS_UF_NOT_DELEGATED = 0X100000,

            ADS_UF_USE_DES_KEY_ONLY = 0x200000,

            ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000,

            ADS_UF_PASSWORD_EXPIRED = 0x800000,

            ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000

      } ;//enum ADS_USER_FLAG_ENUM

posted @ Friday, December 08, 2006 9:01 AM