5.206 userAccountControl Bits
The userAccountControl bits are bit flags that describe various qualities of a security account. The bit flags are presented below in little-endian byte order.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
X |
X |
X |
L O |
X |
X |
A D |
X |
X |
X |
S T |
W T |
I D |
X |
N A |
D A |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
X |
P S |
X |
X |
X: Unused. MUST be zero and ignored.
AD (ADS_UF_ACCOUNTDISABLE, 0x00000002): The account is disabled.
LO (ADS_UF_LOCKOUT, 0x00000010): The account is temporarily locked out.
DA (ADS_UF_TEMP_DUPLICATE_ACCOUNT, 0x00000100): This is an account for a user whose primary account is in another domain.
NA (ADS_UF_NORMAL_ACCOUNT, 0x00000200): The default account type that represents a typical user.
ID (ADS_UF_INTERDOMAIN_TRUST_ACCOUNT, 0x00000800): The account for a domain-to-domain trust.
WT (ADS_UF_WORKSTATION_ACCOUNT, 0x00001000): The computer account for a computer that is a member of this domain.
ST (ADS_UF_SERVER_TRUST_ACCOUNT, 0x00002000): The computer account for a DC.
PS (ADS_UF_PARTIAL_SECRETS_ACCOUNT, 0x04000000): The computer account for an RODC.