script msoluser modify ejemplos attribute all aduser active powershell active-directory user-accounts

msoluser - ¿Cómo establecer el indicador de cuenta de usuario WORKSTATION_TRUST_ACCOUNT en Active Directory utilizando el script de powershell?



set-aduser (1)

Aquí hay otra manera de hacerlo:

$accountName = "userLogin" $adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null $adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))" $adsiSearcherResult = $adsiSearcher.FindOne() $user = $adsiSearcherResult.GetDirectoryEntry() if(($user.UserAccountControl[0] -band 4096) -ne 0) { "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName" } else { "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName" # Add the useraccountdisabled flag (decimal value 4096) $user.userAccountControl[0] += 4096 # Save the new value in the user object $user.SetInfo() "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName" }

Fuente: https://knowledge.zomers.eu/PowerShell/Pages/How-to-control-UserAccountControl-Active-Directory-flags-with-PowerShell.aspx

Estoy tratando de configurar el indicador WORKSTATION_TRUST_ACCOUNT (0x1000) con un comando de PowerShell

https://support.microsoft.com/en-us/kb/305144

Busqué y encontré el comando Set-ADAccountControl . Https://technet.microsoft.com/en-us/library/ee617249.aspx

Pero en MSDN no está escrito cómo configurar 0x1000 .

¿Cómo establecer el indicador WORKSTATION_TRUST_ACCOUNT utilizando el comando de PowerShell?

Tienen los siguientes indicadores:

AccountNotDelegated AllowReversiblePasswordEncryption AuthType CannotChangePassword Credential DoesNotRequirePreAuth Enabled HomedirRequired MNSLogonAccount Partition PassThru PasswordNeverExpires PasswordNotRequired Server TrustedForDelegation TrustedToAuthForDelegation UseDESKeyOnly Confirm WhatIf

EDITAR:

C# code following is my C# code which is throwing error access denied. const int iFlag = 0x1000; string sCommonName = "CN=" + sMachineName; DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer"); deComputer.Properties["sAMAccountName"].Value = sMachineName + "$"; deComputer.CommitChanges(); deComputer.Properties["userAccountControl"].Value = iFlag; deComputer.CommitChanges(); // access denied exception.