Share via

Bulk useraccountcontrol attribute

Sylvain MALAGRE 21 Reputation points
2021-03-23T19:49:01.867+00:00

Hi,

I have a txt file with several ad accounts with the Name of each of one.

I would like to bulk change the useraccountcontrol attribute for all of them with the 512 value.

Could you helo me to do it please ?

Thank you

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 48,116 Reputation points
    2021-03-24T18:56:22.397+00:00

    Here's an example of bad things that can happen when an array of bits, each of which have a special meaning, is mishandled: 

    [uint32]$bitmap = 0x0002        # account disabled (2)
$bitmap = $bitmap -bor 0x0400   # cannot change password (64)
$bitmap = $bitmap -bor 0x010000 # password never expires (65536)
""
[Convert]::ToString($bitmap,2)
$bitmap = 0x0200                # Normal user (512)
[Convert]::ToString($bitmap,2)

    The original value is simply replaced instead of having just the one bit manipulated:

    10000010000000010 <=== Before
    1000000000 <=== After

    Was this answer helpful?

    0 comments
  2. Anonymous
    2021-03-24T05:20:05+00:00

    Hi,

    The Set-ADUser cmdlet can modify the properties of AD users for you. 

    $file = 'C:\test\name.txt'  
Get-Content -Path $file | Get-ADUser | Set-ADUser -Replace @{useraccountcontrol=512}

    You can refer to the link below for details about the useraccountcontrol property.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

  3. Rich Matheisen 48,116 Reputation points
    2021-03-23T20:06:03.997+00:00

    Are you just trying to set the accounts to the "Enabled" status?

    If so, see if this helps: 

    Get-Content x:file.txt |
    ForEach-Object{
        $uname = $_    # needed because you can't use $_ in a "Catch" block for this value
        if ($user = Get-ADUser -Filter {Name -eq $uname}){
            Try{
                $user | Set-ADUser -Enabled -ErrorAction STOP
            }
            Catch{
                Write-Host "Failed to enable user '$uname'"
            }
        }
        else{
            Write-Host "Failed to find user '$uname'"
        }

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.