afking8268
asked on
How to determine if a flag has been set based on cumulative flag values
I'm trying to find out if a user in Active Directory has the option account never expires checked.
Microsoft documentation details the following userAccountControl flags:
SCRIPT 0x0001 1
ACCOUNTDISABLE 0x0002 2
HOMEDIR_REQUIRED 0x0008 8
LOCKOUT 0x0010 16
PASSWD_NOTREQD 0x0020 32
PASSWD_CANT_CHANGE 0x0040 64
ENCRYPTED_TEXT_PWD_ALLOWED 0x0080 128
TEMP_DUPLICATE_ACCOUNT 0x0100 256
NORMAL_ACCOUNT 0x0200 512
INTERDOMAIN_TRUST_ACCOUNT 0x0800 2048
WORKSTATION_TRUST_ACCOUNT 0x1000 4096
SERVER_TRUST_ACCOUNT 0x2000 8192
DONT_EXPIRE_PASSWORD 0x10000 65536
MNS_LOGON_ACCOUNT 0x20000 131072
SMARTCARD_REQUIRED 0x40000 262144
TRUSTED_FOR_DELEGATION 0x80000 524288
NOT_DELEGATED 0x100000 1048576
USE_DES_KEY_ONLY 0x200000 2097152
DONT_REQ_PREAUTH 0x400000 4194304
PASSWORD_EXPIRED 0x800000 8388608
TRUSTED_TO_AUTH_FOR_DELEGATION 0x1000000 16777216
Documentation states that the values are cumulative. So, a user who has a normal account and a dont expire password has the value 0x10200 or a decimal value of 66048. How can I then determine if a particular flag has been set?
Thanks!
From what I understand...
If a user has a flag value of SCRIPT, ACCOUNTDISABLE, HOMEDIR_REQUIRED = 11
and you need to decide whether he's got a value for ACCOUNTDISABLE = True or not.
I'd do it this way...
Get the UserFlagValue.
Get ValueToCheck.
GetValueToCheck = 2 (in this case, for ACCOUNTDISABLE)
Now please excuse me for not doing datatype casting. (VB.Net)
Function CheckFlagValue(ByVal UserFlagValue As Integer, ByVal GetValueToCheck As Integer) As Boolean
    Dim i As Integer = 16777216 ' max flag value
    While i >= 1
        If i <= UserFlagValue Then
            ' This bit is set in the value: strip it and see if it is the one we want
            UserFlagValue = UserFlagValue - i
            If i = GetValueToCheck Then
                Return True
            End If
        End If
        i = i \ 2 ' next flag value in descending order (each flag is a power of two)
    End While
    Return False
End Function
Function CheckFlagValue(ByVal UserFlagValue As Integer, ByVal GetValueToCheck As Integer) As Boolean
    ' True only when every bit of GetValueToCheck is set in UserFlagValue
    Return (UserFlagValue And GetValueToCheck) = GetValueToCheck
End Function
Dim foo As Boolean = (yourval And constant) > 0 ' parentheses needed: > binds tighter than And in VB
but either way works ... the reason for comparing to 0 is that you could avoid a comparison by directly casting to a boolean if you really wanted to.
Greg
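
The bitwise test from the answers above, as an added example in Python (not code from this thread): it decodes a userAccountControl value into flag names using the table in the question and reports any bits that table does not list. The function names are illustrative; has_all and has_any show where the two comparisons from the answers differ once the mask holds more than one flag.

```python
from enum import IntFlag


class UAC(IntFlag):
    # Values copied from the flag table in the question.
    SCRIPT = 0x0001
    ACCOUNTDISABLE = 0x0002
    HOMEDIR_REQUIRED = 0x0008
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    PASSWD_CANT_CHANGE = 0x0040
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080
    TEMP_DUPLICATE_ACCOUNT = 0x0100
    NORMAL_ACCOUNT = 0x0200
    INTERDOMAIN_TRUST_ACCOUNT = 0x0800
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000
    MNS_LOGON_ACCOUNT = 0x20000
    SMARTCARD_REQUIRED = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED = 0x100000
    USE_DES_KEY_ONLY = 0x200000
    DONT_REQ_PREAUTH = 0x400000
    PASSWORD_EXPIRED = 0x800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000


def parse_uac(raw):
    """Accept an int or the string a directory query returns ("66048" or "0x10200")."""
    return int(str(raw), 0) & 0xFFFFFFFF  # treat as unsigned 32-bit


def has_all(value, mask):
    """True only if every bit in mask is set (the AND-and-compare answer)."""
    return (value & mask) == mask


def has_any(value, mask):
    """True if at least one bit in mask is set (the compare-to-zero answer)."""
    return (value & mask) != 0


def decode(value):
    """Return (names of set flags, leftover bits not in the table)."""
    names = [f.name for f in UAC.__members__.values() if value & f.value]
    known = sum(f.value for f in UAC.__members__.values())
    return names, value & ~known
```

For a single flag both tests agree; for a combined mask such as NORMAL_ACCOUNT plus DONT_EXPIRE_PASSWORD, has_any is true when either bit is set, while has_all requires both.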