A PropertyValueCollection has to be changed to an Int32. For a singleton like userAccountControl, it will typically be something like:
$uac = $user.Properties.userAccountControl.Item( 0 ) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Wednesday, December 28, 2011 3:18 PM To: NT System Admin Issues Subject: Re: Deciphering "UserAccountControl" using PowerShell On Wed, Dec 28, 2011 at 2:44 PM, Ben Scott <mailvor...@gmail.com> wrote: > Do a bitwise AND between the candidate user's value and ACCOUNT_DISABLED. > > I'm only on page 143 of "PowerShell in Action", and haven't gotten > to bitwise operators yet, but Google results suggest this should work: > > if ($user.UserAccountControl -band $ACCOUNT_DISABLED) { ... Not working for me ... here's the script, and if fails on that IF ... $ADS_UF_ACCOUNTDISABLED = 0x00002 $ADS_UF_NORMAL_ACCOUNT = 0x00200 $UserToFind = "leonem" $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"") $Search.filter = "(&(objectClass=user)(sAMAccountName=$UserToFind))" $SearchResults=$Search.FindAll() ForEach ($Result in $SearchResults) { $User=$Result.GetDirectoryEntry() $User.givenName if ($User.userAccountControl -band $ADS_UF_NORMAL_ACCOUNT ) { Write-Host "Normal user" } else { Write-Host "Abnormal user" } } PS Z:\PHA Scripts> .\FindUser.PS1 Michael The '-band' operator failed: Cannot convert the "System.DirectoryServices.PropertyValueCollection" value of type "System.DirectoryServices.PropertyValueCollection" to type "System.Int32".. At Z:\PHA Scripts\FindUser.PS1:11 char:36 + if ($User.userAccountControl -band <<<< $ADS_UF_NORMAL_ACCOUNT ) + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : OperatorFailed ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
