Search code examples
c++azure-active-directoryactive-directoryldap

How to get a userAccountControl Attribute in active directory

Am working on active directory and i need to get a value of a checkbox in userAccountControl enter image description here

and want to know if the check box is checked or not.. I tried to get the value of it by using the code

    VARIANT var;
    VariantInit(&var);
    hr = pUsr->Get(CComBSTR("userAccountControl"), &var);
    if (SUCCEEDED(hr)) {
        std::cout << V_I4(&var) << std::endl;
       }

and I got the output 512. The problem is even if the checkbox is checked or unchecked it has the same value 512. it changes for other checkboxes but shows the same value for this option i need a way to find if the checkbox is true or not

Solution

  • You want to look at the pwdLastSet attribute. The documentation for that says:

    If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon.

    So two things must be true to force a password change on next logon:

    1. The pwdLastSet attribute is 0.

    2. The account is not set to never expire the password. In C++ I think that would look something like this:

      !(V_I4(&var) & DONT_EXPIRE_PASSWORD)