Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This topic contains code examples that set various user flags. It uses the Properties property of the DirectoryEntry object to access the User-Account-Control attribute to set flags that are defined in the ADS_USER_FLAG_ENUM enumeration. For more information about the User-Account-Control attribute, see the topic User-Account-Control in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252. For more information about the ADS_USER_FLAG_ENUM enumeration, see the topic ADS_USER_FLAG_ENUM in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
The following examples demonstrate how to set various properties of the DirectoryEntry object usr. Since this code accesses objects in the System.DirectoryServices namespace, add a reference to the System.DirectoryServices namespace in Solution Explorer when using this code in an application.
The following examples show how to require that a SmartCard be used for an interactive logon.
[Visual Basic]
Const ADS_UF_SMARTCARD_REQUIRED As Integer = &H40000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
ADS_UF_SMARTCARD_REQUIRED
usr.CommitChanges()
const int ADS_UF_SMARTCARD_REQUIRED = 0x40000;
val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val |
ADS_UF_SMARTCARD_REQUIRED;
usr.CommitChanges();
The following examples show how to set the account to use a DES encryption type.
[Visual Basic]
Const ADS_UF_USE_DES_KEY_ONLY As Integer = &H200000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
ADS_UF_USE_DES_KEY_ONLY
usr.CommitChanges()
const int ADS_UF_USE_DES_KEY_ONLY=0x200000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val |
ADS_UF_USE_DES_KEY_ONLY;
usr.CommitChanges();
The following examples show how to set the account so that it is trusted for delegation.
[Visual Basic]
Const ADS_UF_TRUSTED_FOR_DELEGATION As Integer = &H80000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
ADS_UF_TRUSTED_FOR_DELEGATION
usr.CommitChanges()
const int ADS_UF_TRUSTED_FOR_DELEGATION =0x80000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val |
ADS_UF_TRUSTED_FOR_DELEGATION;
usr.CommitChanges();
The following examples show how to show that the account is sensitive and cannot be used for delegation.
[Visual Basic]
Const ADS_UF_NOT_DELEGATED As Integer = &H100000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
ADS_UF_NOT_DELEGATED
usr.CommitChanges()
const int ADS_UF_NOT_DELEGATED=0x100000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val |
ADS_UF_NOT_DELEGATED;
usr.CommitChanges();
The following code examples show how to set the account so that it does not require Kerberos pre-authentication.
[Visual Basic]
Const ADS_UF_DONT_REQUIRE_PREAUTH As Integer = &H400000
Val = Fix(usr.Properties("userAccountControl").Value)
usr.Properties("userAccountControl").Value = val Or _
ADS_UF_DONT_REQUIRE_PREAUTH
usr.CommitChanges()
const int ADS_UF_DONT_REQUIRE_PREAUTH=0x400000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val |
ADS_UF_DONT_REQUIRE_PREAUTH;
usr.CommitChanges();
See Also
Reference
System.DirectoryServices
DirectoryEntry
Concepts
Send comments about this topic to Microsoft.
Copyright © 2007 by Microsoft Corporation. All rights reserved.