如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT? [英] How to set user account flag WORKSTATION_TRUST_ACCOUNT in Active Directory using powershell script?
本文介绍了如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试使用PowerShell命令设置 WORKSTATION_TRUST_ACCOUNT
(0x1000)标志
I am trying to set WORKSTATION_TRUST_ACCOUNT
(0x1000) flag using a PowerShell command
https://support.microsoft.com/en-us/kb/305144
我搜索并找到了 Set-ADAccountControl
命令。.
https://technet.microsoft.com/zh-CN/library/ee617249.aspx
I searched and found the Set-ADAccountControl
command..
https://technet.microsoft.com/en-us/library/ee617249.aspx
但是在MSDN中,没有编写如何设置 0x1000
。
But in MSDN it is not written how to set 0x1000
.
如何设置使用PowerShell命令 WORKSTATION_TRUST_ACCOUNT
标志?
How to set WORKSTATION_TRUST_ACCOUNT
flag using PowerShell command?
它们具有以下标志:
AccountNotDelegated
AllowReversiblePasswordEncryption
AuthType
CannotChangePassword
Credential
DoesNotRequirePreAuth
Enabled
HomedirRequired
MNSLogonAccount
Partition
PassThru
PasswordNeverExpires
PasswordNotRequired
Server
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
Confirm
WhatIf
编辑:
C# code
following is my C# code which is throwing error access denied.
const int iFlag = 0x1000;
string sCommonName = "CN=" + sMachineName;
DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer");
deComputer.Properties["sAMAccountName"].Value = sMachineName + "$";
deComputer.CommitChanges();
deComputer.Properties["userAccountControl"].Value = iFlag;
deComputer.CommitChanges(); // access denied exception.
推荐答案
这是另一种方法:
$accountName = "userLogin"
$adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null
$adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))"
$adsiSearcherResult = $adsiSearcher.FindOne()
$user = $adsiSearcherResult.GetDirectoryEntry()
if(($user.UserAccountControl[0] -band 4096) -ne 0) {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName"
} else {
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName"
# Add the useraccountdisabled flag (decimal value 4096)
$user.userAccountControl[0] += 4096
# Save the new value in the user object
$user.SetInfo()
"WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName"
}
这篇关于如何使用Powershell脚本在Active Directory中设置用户帐户标志WORKSTATION_TRUST_ACCOUNT?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文