4

Here's some code:

        DirectorySearcher searcher = new DirectorySearcher();
        searcher.Filter =  "(&(objectClass=user)(sAMAccountName=" + lstUsers.SelectedItem.Text + "))";
        SearchResult result = searcher.FindOne();

Within result.Properties["useraccountcontrol"] will be an item which will give me a value depending on the state of the account. For instance, a value of 66050 means I'm dealing with: A normal account; where the password does not expire; which has been disabled. Explanation here.

What's the most concise way of finding out if my value "contains" the AccountDisable flag (which is 2)?

Thanks in advance!

BIDeveloper

5 Answers

6
    Convert.ToBoolean((int)result.Properties["useraccountcontrol"][0] & 0x0002)

Translated from a current code base here, it should work...

flq
4
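    enum AccountFlags
    {
        Script = (1<<0),
        AccountDisable = (1<<1),
        // etc...
    }

    // Properties[...] is a collection; the value is its first element.
    // Parenthesise the mask: in C#, & binds more loosely than the comparison.
    if( (((int)result.Properties["useraccountcontrol"][0]) & (int)AccountFlags.AccountDisable) != 0 )
    {
        // Account is Disabled...
    }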
FallenAvatar
4
    UserAccountControlFlags userAccFlags = (UserAccountControlFlags) 66050;

    // Much more readable
    if(userAccFlags.Has(UserAccountControlFlags.AccountDisabled))
    {
       // Do your stuff here
    }

And here's the extension method:

    // Extension methods must be declared in a static class.
    public static class EnumExtensions
    {
        public static bool Has<T>(this System.Enum type, T value) where T : struct
        {
            return ((int)(object)type & (int)(object)value) > 0;
        }
    }

Enum definition referred from C# Online

    [Flags]
    public enum UserAccountControlFlags
    {
      Script                             = 0x1,
      AccountDisabled                    = 0x2,
      HomeDirectoryRequired              = 0x8,
      AccountLockedOut                   = 0x10,
      PasswordNotRequired                = 0x20,
      PasswordCannotChange               = 0x40,
      EncryptedTextPasswordAllowed       = 0x80,
      TempDuplicateAccount               = 0x100,
      NormalAccount                      = 0x200,
      InterDomainTrustAccount            = 0x800,
      WorkstationTrustAccount            = 0x1000,
      ServerTrustAccount                 = 0x2000,
      PasswordDoesNotExpire              = 0x10000,
      MnsLogonAccount                    = 0x20000,
      SmartCardRequired                  = 0x40000,
      TrustedForDelegation               = 0x80000,
      AccountNotDelegated                = 0x100000,
      UseDesKeyOnly                      = 0x200000,
      DontRequirePreauth                 = 0x400000,
      PasswordExpired                    = 0x800000,
      TrustedToAuthenticateForDelegation = 0x1000000,
      NoAuthDataRequired                 = 0x2000000
    }
shanethehat
Vivek
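A null-safe way to read and test the value, as an added example that is not code from any of the answers: it takes the first element of the property collection, copes with a result where the attribute was not returned, and picks out flags that relax authentication. `UacDecoder`, `Read`, `IsDisabled`, `WeakAuthBits` and the second sample value are assumptions made for illustration; the enum is a subset of the one above.

```csharp
using System;
using System.Collections;
using System.Linq;

// Subset of the UserAccountControlFlags enum above, same names and values.
[Flags]
public enum UserAccountControlFlags
{
    AccountDisabled              = 0x2,
    PasswordNotRequired          = 0x20,
    EncryptedTextPasswordAllowed = 0x80,
    NormalAccount                = 0x200,
    PasswordDoesNotExpire        = 0x10000,
    DontRequirePreauth           = 0x400000
}

public static class UacDecoder   // hypothetical helper, not from the answers
{
    // Flags that relax authentication; worth reviewing on any enabled account.
    const UserAccountControlFlags WeakAuth =
        UserAccountControlFlags.PasswordNotRequired |
        UserAccountControlFlags.EncryptedTextPasswordAllowed |
        UserAccountControlFlags.DontRequirePreauth;

    // 'values' stands for result.Properties["useraccountcontrol"]: a collection
    // whose first element is the boxed integer. Returns null when it is empty.
    public static UserAccountControlFlags? Read(IEnumerable values)
    {
        object first = values.Cast<object>().FirstOrDefault();
        if (first == null) return null;
        return (UserAccountControlFlags)Convert.ToInt32(first);
    }

    public static bool IsDisabled(UserAccountControlFlags f) =>
        (f & UserAccountControlFlags.AccountDisabled) != 0;
    public static UserAccountControlFlags WeakAuthBits(UserAccountControlFlags f) => f & WeakAuth;

    public static void Main()
    {
        // Constructed samples: 66050 is the question's value; 4260384 is made up.
        foreach (var s in new[] { new object[] { 66050 }, new object[] { 4260384 }, new object[0] })
        {
            UserAccountControlFlags? f = Read(s);
            if (f == null) { Console.WriteLine("attribute not returned"); continue; }
            Console.WriteLine("{0}: disabled={1}, weak={2}", f, IsDisabled(f.Value), WeakAuthBits(f.Value));
        }
    }
}
```

In Active Directory the lockout and password-expired states are reported through the constructed attribute msDS-User-Account-Control-Computed rather than userAccountControl, so the AccountLockedOut and PasswordExpired bits are not reliable when read this way.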
2

Here is a great tutorial for Active Directory via C# in general (via).

Basically you want to check the number with the & operator:

    if( ( result & ACCOUNTDISABLE ) == ACCOUNTDISABLE )
    { .... }

You can define ACCOUNTDISABLE as a const (like in the table you linked). Or you create an enum for the values. Make sure to assign the right numbers and set a [Flags]-attribute.
What you choose depends on how many values you need. When dealing only with ACCOUNTDISABLE and nothing else, a define or const will do.

Community
tanascius
1

Depending on your needs, you may be able to use ActiveDirectory to filter accounts by enabled/disabled status:

    searcher.Filter =  "(&(objectClass=user)(UserAccountControl:1.2.840.113556.1.4.803:=2))";

or:

    searcher.Filter =  "(&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))";

Related MS KB article: http://support.microsoft.com/kb/269181

And Another Article: http://www.windowsserverfaq.org/?url=/faq/ADQueries/LDAP-Queries.asp

EpicVoyage