Directory Services

Setting User Account Flags

This topic contains code examples that set various user flags. It uses the Properties method to access the userAccountControl property to set flags defined in the ADS_USER_FLAG_ENUM.

The following code example shows how to require that a SmartCard be used for an interactive logon.

[C#]
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
ADS_UF_SMARTCARD_REQUIRED;
usr.CommitChanges();

The following code example shows how to set the account to use a DES encryption type.

[C#]
const int ADS_UF_USE_DES_KEY_ONLY=0x200000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | ADS_UF_USE_DES_KEY_ONLY;
usr.CommitChanges();

The following code example shows how to set the account so that it is trusted for delegation.

[C#]
const int ADS_UF_TRUSTED_FOR_DELEGATION =0x80000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
ADS_UF_TRUSTED_FOR_DELEGATION;
usr.CommitChanges();

The following code example shows how to show that the account is sensitive and cannot be used for delegation.

[C#]
const int ADS_UF_NOT_DELEGATED=0x100000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | ADS_UF_NOT_DELEGATED;
usr.CommitChanges();

The following code example shows how to set the account so that it does not require Kerberos pre-authentication.

[C#]
const int ADS_UF_DONT_REQUIRE_PREAUTH=0x400000;
val= (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | 
ADS_UF_DONT_REQUIRE_PREAUTH;
usr.CommitChanges();