Bulk useraccountcontrol attribute

Sylvain MALAGRE 21 Reputation points
2021-03-23T19:49:01.867+00:00

Hi,

I have a txt file with several ad accounts with the Name of each of one.

I would like to bulk change the useraccountcontrol attribute for all of them with the 512 value.

Could you helo me to do it please ?

Thank you

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,805 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,344 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 44,541 Reputation points
    2021-03-23T20:06:03.997+00:00

    Are you just trying to set the accounts to the "Enabled" status?

    If so, see if this helps: 

    Get-Content x:file.txt |
    ForEach-Object{
        $uname = $_    # needed because you can't use $_ in a "Catch" block for this value
        if ($user = Get-ADUser -Filter {Name -eq $uname}){
            Try{
                $user | Set-ADUser -Enabled -ErrorAction STOP
            }
            Catch{
                Write-Host "Failed to enable user '$uname'"
            }
        }
        else{
            Write-Host "Failed to find user '$uname'"
        }
    0 comments
  2. Ian Xue (Shanghai Wicresoft Co., Ltd.) 29,386 Reputation points Microsoft Vendor
    2021-03-24T05:20:05+00:00

    Hi,

    The Set-ADUser cmdlet can modify the properties of AD users for you. 

    $file = 'C:\test\name.txt'  
Get-Content -Path $file | Get-ADUser | Set-ADUser -Replace @{useraccountcontrol=512}

    You can refer to the link below for details about the useraccountcontrol property.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Rich Matheisen 44,541 Reputation points
    2021-03-24T18:56:22.397+00:00

    Here's an example of bad things that can happen when an array of bits, each of which have a special meaning, is mishandled: 

    [uint32]$bitmap = 0x0002        # account disabled (2)
$bitmap = $bitmap -bor 0x0400   # cannot change password (64)
$bitmap = $bitmap -bor 0x010000 # password never expires (65536)
""
[Convert]::ToString($bitmap,2)
$bitmap = 0x0200                # Normal user (512)
[Convert]::ToString($bitmap,2)

    The original value is simply replaced instead of having just the one bit manipulated:

    10000010000000010 <=== Before
    1000000000 <=== After

    0 comments