JSI Tip 8071. How can I decode the userAccountControl attribute?

When you user the DSQUERY command to return the userAccountControl attribute, it is returned as a numeric value.

I have scripted userAccountControl.bat to translate this value.

The syntax for using userAccountControl.bat is:

call userAccountControl uac CommaSeparatedString

Where uac is the numeric value of the userAccountControl attribute, and CommaSeparatedString is a call directed environment variable that will contain from 1 through n 'descriptions', separated by commas.

userAccountControl.bat contains:

@echo offif {%2}=={} @echo Syntax: call userAccountControl uac CommaSeparatedString&goto :EOFif "%1" EQU "512" set %2=NORMAL_ACCOUNT&goto :EOFsetlocalset /a uac=%1set %2=Unknownset css=if %uac% GEQ 16777216 set css=%css%,TRUSTED_TO_AUTH_FOR_DELEGATION&set /a uac=%uac% - 16777216:GEQif %uac% GEQ 16777216 set /a uac=%uac% - 16777216&goto GEQif %uac% GEQ 8388608 set css=%css%, PASSWORD_EXPIRED&set /a uac=%uac% - 8388608if %uac% GEQ 4194304 set css=%css%, DONT_REQ_PREAUTH&set /a uac=%uac% - 4194304if %uac% GEQ 2097152 set css=%css%, USE_DES_KEY_ONLY&set /a uac=%uac% - 2097152if %uac% GEQ 1048576 set css=%css%, NOT_DELEGATED&set /a uac=%uac% - 1048576if %uac% GEQ 524288 set css=%css%, TRUSTED_FOR_DELEGATION&set /a uac=%uac% - 524288if %uac% GEQ 262144 set css=%css%, SMARTCARD_REQUIRED&set /a uac=%uac% - 262144if %uac% GEQ 131072 set css=%css%, MNS_LOGON_ACCOUNT&set /a uac=%uac% - 131072if %uac% GEQ 65536 set css=%css%,DONT_EXPIRE_PASSWD&set /a uac=%uac% - 65536if %uac% GEQ 32768 set css=%css%,UNKNOWN&set /a uac=%uac% - 32768if %uac% GEQ 16384 set css=%css%,UNKNOWN&set /a uac=%uac% - 16384if %uac% GEQ 8192 set css=%css%,SERVER_TRUST_ACCOUNT&set /a uac=%uac% - 8192if %uac% GEQ 4096 set css=%css%,WORKSTATION_TRUST_ACCOUNT&set /a uac=%uac% - 4096if %uac% GEQ 2048 set css=%css%,INTERDOMAIN_TRUST_ACCOUNT&set /a uac=%uac% - 2048if %uac% GEQ 1024 set css=%css%,UNKNOWN&set /a uac=%uac% - 1024if %uac% GEQ 512 set css=%css%,NORMAL_ACCOUNT&set /a uac=%uac% - 512if %uac% GEQ 256 set css=%css%,TEMP_DUPLICATE_ACCOUNT&set /a uac=%uac% - 256if %uac% GEQ 128 set css=%css%,UNKNOWN&set /a uac=%uac% - 128if %uac% GEQ 64 set css=%css%,PASSWD_CANT_CHANGE&set /a uac=%uac% - 64if %uac% GEQ 32 set css=%css%,PASSWD_NOTREQD&set /a uac=%uac% - 32if %uac% GEQ 16 set css=%css%,LOCKOUT&set /a uac=%uac% - 16if %uac% GEQ 8 set css=%css%,HOMEDIR_REQUIRED&set /a uac=%uac% - 8if %uac% GEQ 4 set css=%css%,UNKNOWN&set /a uac=%uac% - 4if %uac% GEQ 2 set css=%css%,ACCOUNTDISABLE&set /a uac=%uac% - 2if %uac% GEQ 1 set css=%css%,SCRIPT&set /a uac=%uac% - 1if %uac% NEQ 0 set css=%css%,UNKNOWNendlocal&set %2=%css:~1%

NOTE: See How do I use the UserAccountControl flags to manipulate user account properties?