Wednesday, May 26, 2010

AD userAccountControl values

Here are the values/descriptions for the AD attribute for userAccountControl

512 - Enable Account
514 - Disable account
544 - Account Enabled - Require user to change password at first logon
4096 - Workstation/server
66048 - Enabled, password never expires
66050 - Disabled, password never expires
66080 - Enabled, DONT_EXPIRE_PASSWORD - PASSWD_NOTREQD
262656 - Smart Card Logon Required
532480 - Domain controller


1 - script
2 - accountdisable
8 - homedir_required
16 - lockout
32 - password_not_reqd
64 - password_cant_change
128 - encrypted_text_pwd_allowed
256 - temp_duplicate_account
512 - normal_account
2048 - interdomain_trust_account
4096 - workstation_trust_account
8192 - server_trust_account
65536 - dont_expire_password
131072 - mns_logon_account
262144 - smartcard_required
524288 - trusted_for_delegation
1048576 - not_delegated
2097152 - use_des_key_only
4194304 - dont_req_preauth
8388608 - password_expired
16777216 - trusted_to_auth_for_delegation