如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT？ [英] How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?

查看：151 发布时间：2020/6/1 19:04:33 powershell active-directory user-accounts

本文介绍了如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试使用PowerShell命令设置 WORKSTATION_TRUST_ACCOUNT （0x1000）标志

I am trying to set WORKSTATION_TRUST_ACCOUNT (0x1000) flag using a PowerShell command

https://support.microsoft.com/en-us/kb/305144

我搜索并找到了 Set-ADAccountControl 命令。.
https://technet.microsoft.com/zh-CN/library/ee617249.aspx

I searched and found the Set-ADAccountControl command.. https://technet.microsoft.com/en-us/library/ee617249.aspx

但是在MSDN中，没有编写如何设置 0x1000 。

But in MSDN it is not written how to set 0x1000.

如何设置使用PowerShell命令 WORKSTATION_TRUST_ACCOUNT 标志？

How to set WORKSTATION_TRUST_ACCOUNT flag using PowerShell command?

它们具有以下标志：

AccountNotDelegated
AllowReversiblePasswordEncryption
AuthType
CannotChangePassword
Credential
DoesNotRequirePreAuth
Enabled
HomedirRequired
MNSLogonAccount
Partition
PassThru
PasswordNeverExpires
PasswordNotRequired
Server
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
Confirm
WhatIf

编辑：

C# code 
following is my C# code which is throwing error access denied.

const int iFlag = 0x1000;
string sCommonName = "CN=" + sMachineName;

DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer");
deComputer.Properties["sAMAccountName"].Value = sMachineName + "$";
deComputer.CommitChanges();

deComputer.Properties["userAccountControl"].Value = iFlag;
deComputer.CommitChanges(); // access denied exception.

推荐答案

这是另一种方法：

$accountName = "userLogin"

$adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null
$adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))"

$adsiSearcherResult = $adsiSearcher.FindOne()
$user = $adsiSearcherResult.GetDirectoryEntry()

if(($user.UserAccountControl[0] -band 4096) -ne 0) {

    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName"

} else {

    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName"

    # Add the useraccountdisabled flag (decimal value 4096)
    $user.userAccountControl[0] += 4096

    # Save the new value in the user object
    $user.SetInfo()

    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName"
}

来源： https： //knowledge.zomers.eu/PowerShell/Pages/How-to-control-UserAccountControl-Active-Directory-flags-with-PowerShell.aspx

这篇关于如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT？ [英] How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT？ [英] How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭