Public/Convert-ALHADUserAccountControl.ps1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
<#PSScriptInfo
.VERSION 1.1.0 .GUID 2138fa89-6384-4b9f-898b-f7014d9853f5 .AUTHOR Dieter Koch .COMPANYNAME .COPYRIGHT (c) 2021-2023 Dieter Koch .TAGS .LICENSEURI https://github.com/admins-little-helper/ALH/blob/main/LICENSE .PROJECTURI https://github.com/admins-little-helper/ALH .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES 1.0.0 Initial release 1.1.0 Added parameter msDSUserAccountControlComputed required by a change for attribute userAccountControl in Windows Server 2003 AD. For details see https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties #> <# .DESCRIPTION Contains a function to convert an integer value to UserAccountControl flags. .LINK https://github.com/admins-little-helper/ALH .LINK https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties #> function Convert-ALHADUserAccountControl { <# .SYNOPSIS Converts an integer value to UserAccountControl flags. .DESCRIPTION The function 'Convert-ALHADUserAccountControl' converts an integer value to UserAccountControl flags. This allows to take the raw value form the 'UserAccountControl' and/or 'msDS-User-Account-Control-Computed' property of an Active Directory object and get a describtive name for the flags set. .PARAMETER UserAccountControl Integer value of the 'UserAccountControl' attribute of an Active Directory object. .PARAMETER msDSUserAccountControlComputed Integer value of the 'msDS-User-Account-Control-Computed' attribute of an Active Directory object. .EXAMPLE Convert-ALHADUserAccountControl -UserAccountControl 514 ACCOUNTDISABLE NORMAL_ACCOUNT Returns the flags for value 514. .EXAMPLE Convert-ALHADUserAccountControl -UserAccountControl 514 -msDSUserAccountControlComputed 8388624 ACCOUNTDISABLE LOCKOUT NORMAL_ACCOUNT PASSWORD_EXPIRED Returns the flags for UserAccountControl value of 514 and ms-sDSUserAccountControlComputed value of 8388624. .INPUTS System.Int32 .OUTPUTS System.String .NOTES Author: Dieter Koch Email: diko@admins-little-helper.de .LINK https://github.com/admins-little-helper/ALH/blob/main/Help/Convert-ALHADUserAccountControl.txt #> [CmdletBinding()] param( [Parameter(Mandatory, Position = 0, ValueFromPipeline, ValueFromPipelineByPropertyName)] [int] $UserAccountControl, [Parameter(Position = 1, ValueFromPipeline, ValueFromPipelineByPropertyName)] [int] $msDSUserAccountControlComputed ) begin { # Combine the UserAccountControl value and the msDSUserAccountControlComputed value (see Microsoft documentation for details about this). $UserAccountControl = $UserAccountControl -bor $msDSUserAccountControlComputed $UACPropertyFlags = @( "SCRIPT", "ACCOUNTDISABLE", "RESERVED", "HOMEDIR_REQUIRED", "LOCKOUT", "PASSWD_NOTREQD", "PASSWD_CANT_CHANGE", "ENCRYPTED_TEXT_PWD_ALLOWED", "TEMP_DUPLICATE_ACCOUNT", "NORMAL_ACCOUNT", "RESERVED", "INTERDOMAIN_TRUST_ACCOUNT", "WORKSTATION_TRUST_ACCOUNT", "SERVER_TRUST_ACCOUNT", "RESERVED", "RESERVED", "DONT_EXPIRE_PASSWORD", "MNS_LOGON_ACCOUNT", "SMARTCARD_REQUIRED", "TRUSTED_FOR_DELEGATION", "NOT_DELEGATED", "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH", "PASSWORD_EXPIRED", "TRUSTED_TO_AUTH_FOR_DELEGATION", "RESERVED", "PARTIAL_SECRETS_ACCOUNT" "RESERVED" "RESERVED" "RESERVED" "RESERVED" "RESERVED" ) } process { <# # This is the long version of the code below. Just added it to explain how it works. $i = 0 $FlagsSet = foreach($Flag in $UACPropertyFlags) { if($UserAccountControl -bAnd [math]::Pow(2, $i)) { foreach($item in $Flag) { $UACPropertyFlags[$i] } } $i++ } #> $FlagsSet = (0..($UACPropertyFlags.Length) | Where-Object { $UserAccountControl -bAnd [math]::Pow(2, $_) } | ForEach-Object { $UACPropertyFlags[$_] }) $FlagsSet } } #region EndOfScript <# ################################################################################ ################################################################################ # # ______ _ __ _____ _ _ # | ____| | | / _| / ____| (_) | | # | |__ _ __ __| | ___ | |_ | (___ ___ _ __ _ _ __ | |_ # | __| | '_ \ / _` | / _ \| _| \___ \ / __| '__| | '_ \| __| # | |____| | | | (_| | | (_) | | ____) | (__| | | | |_) | |_ # |______|_| |_|\__,_| \___/|_| |_____/ \___|_| |_| .__/ \__| # | | # |_| ################################################################################ ################################################################################ # created with help of http://patorjk.com/software/taag/ #> #endregion |