On Wed, Dec 28, 2011 at 3:54 PM, Michael B. Smith <mich...@smithcons.com> wrote: > A PropertyValueCollection has to be changed to an Int32. For a singleton like > userAccountControl, it will typically be something like: > > $uac = $user.Properties.userAccountControl.Item( 0 )
That didn't work for me ... PS Z:\PHA Scripts> .\FindUser.PS1 Method invocation failed because [System.DirectoryServices.DirectoryEntry] doesn't contain a method named 'userAccountControl'. At Z:\PHA Scripts\FindUser.PS1:22 char:33 + $uac = $User.userAccountControl <<<< (0) + CategoryInfo : InvalidOperation: (userAccountControl:String) [], RuntimeException + FullyQualifiedErrorId : MethodNotFound ------------------------- Doing this, did work: $uac = $User.userAccountControl[0] (note square brackets, not parens. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Michael Leone [mailto:oozerd...@gmail.com] > Sent: Wednesday, December 28, 2011 3:18 PM > To: NT System Admin Issues > Subject: Re: Deciphering "UserAccountControl" using PowerShell > > On Wed, Dec 28, 2011 at 2:44 PM, Ben Scott <mailvor...@gmail.com> wrote: > >> Do a bitwise AND between the candidate user's value and ACCOUNT_DISABLED. >> >> I'm only on page 143 of "PowerShell in Action", and haven't gotten >> to bitwise operators yet, but Google results suggest this should work: >> >> if ($user.UserAccountControl -band $ACCOUNT_DISABLED) { ... > > Not working for me ... here's the script, and if fails on that IF ... > > $ADS_UF_ACCOUNTDISABLED = 0x00002 > $ADS_UF_NORMAL_ACCOUNT = 0x00200 > $UserToFind = "leonem" > $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"") > $Search.filter = "(&(objectClass=user)(sAMAccountName=$UserToFind))" > $SearchResults=$Search.FindAll() > > ForEach ($Result in $SearchResults) { > $User=$Result.GetDirectoryEntry() > $User.givenName > if ($User.userAccountControl -band $ADS_UF_NORMAL_ACCOUNT ) > { > Write-Host "Normal user" > } > else > { > Write-Host "Abnormal user" > } > } > > PS Z:\PHA Scripts> .\FindUser.PS1 > Michael > The '-band' operator failed: Cannot convert the > "System.DirectoryServices.PropertyValueCollection" value of type > "System.DirectoryServices.PropertyValueCollection" to type > "System.Int32".. > At Z:\PHA Scripts\FindUser.PS1:11 char:36 > + if ($User.userAccountControl -band <<<< $ADS_UF_NORMAL_ACCOUNT ) > + CategoryInfo : InvalidOperation: (:) [], RuntimeException > + FullyQualifiedErrorId : OperatorFailed > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin