2.2.1.12 USER_ACCOUNT Codes
These values are attributes of a user account and can be combined by using a bitwise OR operation. They are used in the UserAccountControl field for user objects. For more information, see section 2.2.6.1.
| Constant/value | Description |
|---|---|
| USER_ACCOUNT_DISABLED 0x00000001 | Specifies that the account is not enabled for authentication. |
| USER_HOME_DIRECTORY_REQUIRED 0x00000002 | Specifies that the homeDirectory attribute is required. |
| USER_PASSWORD_NOT_REQUIRED 0x00000004 | Specifies that the password-length policy does not apply to this user. |
| USER_TEMP_DUPLICATE_ACCOUNT 0x00000008 | This bit is ignored by clients and servers. |
| USER_NORMAL_ACCOUNT 0x00000010 | Specifies that the user is not a computer object. |
| USER_MNS_LOGON_ACCOUNT 0x00000020 | This bit is ignored by clients and servers. |
| USER_INTERDOMAIN_TRUST_ACCOUNT 0x00000040 | Specifies that the object represents a trust object. For more information about trust objects, see [MS-LSAD]. |
| USER_WORKSTATION_TRUST_ACCOUNT 0x00000080 | Specifies that the object is a member workstation or server. |
| USER_SERVER_TRUST_ACCOUNT 0x00000100 | Specifies that the object is a DC. |
| USER_DONT_EXPIRE_PASSWORD 0x00000200 | Specifies that the maximum-password-age policy does not apply to this user. |
| USER_ACCOUNT_AUTO_LOCKED 0x00000400 | Specifies that the account has been locked out. |
| USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000800 | Specifies that the cleartext password is to be persisted. |
| USER_SMARTCARD_REQUIRED 0x00001000 | Specifies that the user can authenticate only with a smart card. |
| USER_TRUSTED_FOR_DELEGATION 0x00002000 | This bit is used by the Kerberos protocol. It indicates that the "OK as Delegate" ticket flag (described in [RFC4120] section 2.8) is to be set. |
| USER_NOT_DELEGATED 0x00004000 | This bit is used by the Kerberos protocol. It indicates that the ticket-granting tickets (TGTs) of this account and the service tickets obtained by this account are not marked as forwardable or proxiable when the forwardable or proxiable ticket flags are requested. For more information, see [RFC4120]. |
| USER_USE_DES_KEY_ONLY 0x00008000 | This bit is used by the Kerberos protocol. It indicates that only des-cbc-md5 or des-cbc-crc keys (as defined in [RFC3961]) are used in the Kerberos protocol for this account. |
| USER_DONT_REQUIRE_PREAUTH 0x00010000 | This bit is used by the Kerberos protocol. It indicates that the account is not required to present valid pre-authentication data, as described in [RFC4120] section 7.5.2. |
| USER_PASSWORD_EXPIRED 0x00020000 | Specifies that the password age on the user has exceeded the maximum password age policy. |
| USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x00040000 | This bit is used by the Kerberos protocol, as specified in [MS-KILE] section 3.3.1.1. |
| USER_NO_AUTH_DATA_REQUIRED 0x00080000 | This bit is used by the Kerberos protocol. It indicates that when the key distribution center (KDC) is issuing a service ticket for this account, the privilege attribute certificate (PAC) is not to be included. For more information, see [RFC4120]. |
| USER_PARTIAL_SECRETS_ACCOUNT 0x00100000 | Specifies that the object is a read-only domain controller (RODC). |
| USER_USE_AES_KEYS 0x00200000 | This bit is ignored by clients and servers. |
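
The following Python sketch is an added example, not part of the specification: it decodes a UserAccountControl value into the constants from this table and lists the bits whose descriptions relax an authentication or Kerberos control, plus any bits the table does not define. The `REVIEW` list, the function names and the sample values are assumptions made for this example.

```python
# Added example. Names are listed in bit order because the table assigns
# consecutive bits 0x00000001 (bit 0) through 0x00200000 (bit 21).
# These are the SAMR values from this section; the LDAP userAccountControl
# attribute uses a different bit layout, so do not feed it to this decoder.
NAMES = """ACCOUNT_DISABLED HOME_DIRECTORY_REQUIRED PASSWORD_NOT_REQUIRED
TEMP_DUPLICATE_ACCOUNT NORMAL_ACCOUNT MNS_LOGON_ACCOUNT INTERDOMAIN_TRUST_ACCOUNT
WORKSTATION_TRUST_ACCOUNT SERVER_TRUST_ACCOUNT DONT_EXPIRE_PASSWORD
ACCOUNT_AUTO_LOCKED ENCRYPTED_TEXT_PASSWORD_ALLOWED SMARTCARD_REQUIRED
TRUSTED_FOR_DELEGATION NOT_DELEGATED USE_DES_KEY_ONLY DONT_REQUIRE_PREAUTH
PASSWORD_EXPIRED TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION NO_AUTH_DATA_REQUIRED
PARTIAL_SECRETS_ACCOUNT USE_AES_KEYS""".split()
FLAGS = {"USER_" + n: 1 << i for i, n in enumerate(NAMES)}
DEFINED_MASK = sum(FLAGS.values())  # 0x003FFFFF

# Assumption: this review list is this example's choice, not part of the spec.
# Each reason paraphrases the description given in the table.
REVIEW = {
    "USER_PASSWORD_NOT_REQUIRED": "password-length policy does not apply",
    "USER_DONT_EXPIRE_PASSWORD": "maximum-password-age policy does not apply",
    "USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED": "cleartext password is persisted",
    "USER_TRUSTED_FOR_DELEGATION": "OK-as-Delegate ticket flag is set",
    "USER_USE_DES_KEY_ONLY": "only DES keys are used for Kerberos",
    "USER_DONT_REQUIRE_PREAUTH": "Kerberos pre-authentication not required",
    "USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION": "see [MS-KILE] 3.3.1.1",
    "USER_NO_AUTH_DATA_REQUIRED": "service tickets are issued without a PAC",
}

def decode(value):
    """Split a UserAccountControl value into flag names and undefined bits."""
    names = [n for n, bit in FLAGS.items() if value & bit]
    return names, value & ~DEFINED_MASK

def audit(value):
    """Return review findings for one account's UserAccountControl value."""
    names, unknown = decode(value)
    findings = [f"{n}: {REVIEW[n]}" for n in names if n in REVIEW]
    if unknown:
        findings.append(f"undefined bits set: {unknown:#010x}")
    return {"enabled": "USER_ACCOUNT_DISABLED" not in names,
            "flags": names, "findings": findings}

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for sample in (0x00000010, 0x00010210, 0x00400811):
        print(f"{sample:#010x}", audit(sample))
```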