Useraccountcontrol Flag can help user to check if account is enabled or Disbaled. Please find the below mentioned script to find the same. If Useraccountcontrol value is 512 then its normal account if its 514 then account is disabled. You can find some information the UseraccoutControlflag http://support.microsoft.com/kb/305144
$UserName = “UserName”
$searcher = new-object DirectoryServices.DirectorySearcher([ADSI]””)
$searcher.filter = “(&(objectClass=user)(sAMAccountName= $UserName))”
$founduser = $searcher.findOne()
$founduser.Properties.useraccountcontrol
$value = $founduser.Properties.useraccountcontrol
if ($Value -eq 514)
{
Write-Output “Account is disabled”
}
if ($Value -eq 512)
{
Write-Output “Account is Enabled”
}
The above expmle will mis account wit value 66050 thes account are normal accounts, disbale but have the don’t expire pasw flag set
Allways use BitWise operators when dealing with UserAccountControl..
Change the evaluation statments to this
if($Value -BAND 2 -eq 0)
{
Write.Output “Account Enabled”
}
else
{
Write-Output “Account Disabled”
}
I believe it should be:
if(($value -BAND 2) -eq 0)
But thanks, helped me go in the right direction.
Way cool! Some very valid points! I appreciate you writing this article plus
the rest of the website is extremely good.
Or use the Active Directory module..
>Import-Module ActiveDirectory
>Search-ADAccount -AccountDisabled
Pingback: Powershell Useraccountcontrol Disabled | Liyongbak