LDAP userAccountControl Values
Date Created: December 21, 2015  Date Modified: December 21, 2015

This LDAP attribute return values that have to be interpreted with the following table:

userAccountControl values Meaning
512 Enabled
514 ACCOUNTDISABLE
528 Enabled – LOCKOUT
530 ACCOUNTDISABLE – LOCKOUT
544 Enabled – PASSWD_NOTREQD
546 ACCOUNTDISABLE – PASSWD_NOTREQD
560 Enabled – PASSWD_NOTREQD – LOCKOUT
640 Enabled – ENCRYPTED_TEXT_PWD_ALLOWED
2048 INTERDOMAIN_TRUST_ACCOUNT
2080 INTERDOMAIN_TRUST_ACCOUNT – PASSWD_NOTREQD
4096 WORKSTATION_TRUST_ACCOUNT
8192 SERVER_TRUST_ACCOUNT
66048 Enabled – DONT_EXPIRE_PASSWORD
66050 ACCOUNTDISABLE – DONT_EXPIRE_PASSWORD
66064 Enabled – DONT_EXPIRE_PASSWORD – LOCKOUT
66066 ACCOUNTDISABLE – DONT_EXPIRE_PASSWORD – LOCKOUT
66080 Enabled – DONT_EXPIRE_PASSWORD – PASSWD_NOTREQD
66082 ACCOUNTDISABLE – DONT_EXPIRE_PASSWORD – PASSWD_NOTREQD
66176 Enabled – DONT_EXPIRE_PASSWORD – ENCRYPTED_TEXT_PWD_ALLOWED
131584 Enabled – MNS_LOGON_ACCOUNT
131586 ACCOUNTDISABLE – MNS_LOGON_ACCOUNT
131600 Enabled – MNS_LOGON_ACCOUNT – LOCKOUT
197120 Enabled – MNS_LOGON_ACCOUNT – DONT_EXPIRE_PASSWORD
532480 SERVER_TRUST_ACCOUNT – TRUSTED_FOR_DELEGATION (Domain Controller)
1049088 Enabled – NOT_DELEGATED
1049090 ACCOUNTDISABLE – NOT_DELEGATED
2097664 Enabled – USE_DES_KEY_ONLY
2687488 Enabled – DONT_EXPIRE_PASSWORD – TRUSTED_FOR_DELEGATION – USE_DES_KEY_ONLY
4194816 Enabled – DONT_REQ_PREAUTH

Related Posts