On Wed, Dec 28, 2011 at 3:17 PM, Michael Leone <oozerd...@gmail.com> wrote: > On Wed, Dec 28, 2011 at 2:44 PM, Ben Scott <mailvor...@gmail.com> wrote: > >> Do a bitwise AND between the candidate user's value and ACCOUNT_DISABLED. >> >> I'm only on page 143 of "PowerShell in Action", and haven't gotten >> to bitwise operators yet, but Google results suggest this should work: >> >> if ($user.UserAccountControl -band $ACCOUNT_DISABLED) { ... > > Not working for me ... here's the script, and if fails on that IF ...
> > $ADS_UF_ACCOUNTDISABLED = 0x00002 > $ADS_UF_NORMAL_ACCOUNT = 0x00200 > $UserToFind = "leonem" > $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"") > $Search.filter = "(&(objectClass=user)(sAMAccountName=$UserToFind))" > $SearchResults=$Search.FindAll() > > ForEach ($Result in $SearchResults) { > $User=$Result.GetDirectoryEntry() > $User.givenName This works: [int] $uac = $User.userAccountControl[0] if ($uac -band $ADS_UF_NORMAL_ACCOUNT ) { Write-Host "Normal user" } else { Write-Host "Abnormal user" } } So I have to force the conversion to an INT type, then I can test with IF or SWITCH or whatever, against my constants. Thanks for all the help! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin