Powershell to check if Account is Enable or Disabled.
Posted by Krishna - MVP on March 16, 2009
Useraccountcontrol Flag can help user to check if account is enabled or Disbaled. Please find the below mentioned script to find the same. If Useraccountcontrol value is 512 then its normal account if its 514 then account is disabled. You can find some information the UseraccoutControlflag http://support.microsoft.com/kb/305144
$UserName = “UserName”
$searcher = new-object DirectoryServices.DirectorySearcher([ADSI]“”)
$searcher.filter = “(&(objectClass=user)(sAMAccountName= $UserName))”
$founduser = $searcher.findOne()
$founduser.Properties.useraccountcontrol
$value = $founduser.Properties.useraccountcontrol
if ($Value -eq 514)
{
Write-Output “Account is disabled”
}
if ($Value -eq 512)
{
Write-Output “Account is Enabled”
}
Rudy Maes said
The above expmle will mis account wit value 66050 thes account are normal accounts, disbale but have the don’t expire pasw flag set
Paul M Vincent said
Allways use BitWise operators when dealing with UserAccountControl..
Change the evaluation statments to this
if($Value -BAND 2 -eq 0)
{
Write.Output “Account Enabled”
}
else
{
Write-Output “Account Disabled”
}
BIll said
I believe it should be:
if(($value -BAND 2) -eq 0)
But thanks, helped me go in the right direction.
Seth said
Way cool! Some very valid points! I appreciate you writing this article plus
the rest of the website is extremely good.