You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » COM Scripting » ADS_USER_FLAG --- How to manipulate the right to change password ?
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#157390 - 2006-02-17 03:11 PM ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Have a question here:

this is the sample code from ADSI Reference :

Quote:


The following Visual Basic code snippet shows how to use the user flag defined above to prevent a user from changing his or her password.

Set usr = GetObject("WinNT://INDEPENDENCE/jsmith,user")
usr.Put "userFlags", usr.Get("UserFlags") Or ADS_UF_PASSWORD_CANT_CHANGE
usr.SetInfo
The following code snippet clears the flag to allow a user to change the password.

usr.Put "userFlags", usr.Get("UserFlags") Xor ADS_UF_PASSWORD_CANT_CHANGE
usr.SetInfo




ADS_UF_PASSWORD_CANT_CHANGE is referenced to as 0X0040

How do you translate this to KiX
Is this the thing not supported in KiXtart ?

Edited by Jochen (2006-02-17 03:12 PM)
_________________________



Top
#157391 - 2006-02-17 03:15 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
You should be able to translate to KiX with no problems.

0x0040 is just another way of writing a hex number, so in KiXtart it will be &40.
Top
#157392 - 2006-02-17 03:20 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Here you go:
Code:
$ADS_UF_PASSWORD_CANT_CHANGE=&40
 
$oUser = GetObject("WinNT://ACME/rhowarth,user")
$oUser.Put("UserFlags",$oUser.Get("UserFlags")^$ADS_UF_PASSWORD_CANT_CHANGE)


Note, you will need a recent version of KiXtart for the XOR "^" operator.
Top
#157393 - 2006-02-17 03:30 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Thanks,

I got riddled the deny right part in the mean time ( ŽUserFlags | 64' )
^ was the operator that I failed to remember( It's simply to new for me )

here is the result :

Code:

function ADS_PWChangeRight($usr, $domain, $Right)
    dim $objUsr, $_, $UserFlags, $NewUserFlags
    $objUsr = getobject("WinNT://" + $domain + "/" + $usr + ",user")
    if not @error
        $UserFlags = $objUsr.Get("UserFlags")
        if not $Right
            $NewUserFlags = $UserFlags | 64
        else
            $NewUserFlags = $UserFlags ^ 64
        endif
        $objUsr.Put("UserFlags", $NewUserFlags)
        $objUsr.SetInfo
        $ADS_PWChangeRight = @error
    else
        $ADS_PWChangeRight = @error
    endif
endfunction


Thanks again Richard
_________________________



Top
#157394 - 2006-02-17 03:37 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
BTW, in case it wasn't clear in the original example, XOR will toggle the flag - if you want to explicitly remove it you should either check that it is already set, or mask it and use AND instead.
Top
#157395 - 2006-02-17 03:59 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
No, it wasn't clear from the example ... tsk, tsk.
It should have been clear from a logically point of view.
I confess, my math knowledge is too rusty atm. (The last time I understood XOR was 13 years ago)

So, what do you mean with masking ? (I know that a direct AND would Puzzle the value)

Edited by Jochen (2006-02-17 04:01 PM)
_________________________



Top
#157396 - 2006-02-17 04:18 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Probably easier to just use a conditional:
Code:
function ADS_PWChangeRight($usr, $domain, $Right)
    dim $objUsr, $_, $UserFlags
    dim $ADS_UF_PASSWORD_CANT_CHANGE
    $ADS_UF_PASSWORD_CANT_CHANGE=&40
    $objUsr = getobject("WinNT://" + $domain + "/" + $usr + ",user")
    if not @error
        $UserFlags = $objUsr.Get("UserFlags")
        if not $Right
            $UserFlags = $UserFlags | $ADS_UF_PASSWORD_CANT_CHANGE
        else
            If ($UserFlags & $ADS_UF_PASSWORD_CANT_CHANGE) $UserFlags = $UserFlags ^ $ADS_UF_PASSWORD_CANT_CHANGE EndIf
        endif
        $objUsr.Put("UserFlags", $UserFlags)
        $objUsr.SetInfo
        $ADS_PWChangeRight = @error
    else
        $ADS_PWChangeRight = @error
    endif
endfunction
Top
#157397 - 2006-02-17 04:55 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
yep,

that was in mind as a simple solution.
But the concept of masking and using AND still escapes me.
_________________________



Top
#157398 - 2006-02-17 05:14 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
So here is my working version (to prevent the need to carry it around with me 'till monday )

Code:

function ADS_PWChangeRight($usr, $domain, $Right)
    ; 64 is ADS_UF_PASSWORD_CANT_CHANGE (&40)
    dim $objUsr, $_, $UserFlags
    $objUsr = getobject("WinNT://" + $domain + "/" + $usr + ",user")
    if not @error
        $UserFlags = $objUsr.Get("UserFlags")
        if not $Right
            $UserFlags = $UserFlags | 64
        else
            if not ($UserFlags & 64)
                $ADS_PWChangeRight = 0
                exit 0
            endif
            $UserFlags = $UserFlags ^ 64
        endif
        $objUsr.Put("UserFlags", $UserFlags)
        $objUsr.SetInfo
        $ADS_PWChangeRight = @error
    else
        $ADS_PWChangeRight = @error
    endif
endfunction


(no need to write the flags back when there is actually no change, no?)
_________________________



Top
#157399 - 2006-02-17 05:15 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
I meant bitwise AND (&) and not logical and of course.

Here is how you would do it:
Code:
$ADS_UF_PASSWORD_CANT_CHANGE=&40
$NOT_ADS_UF_PASSWORD_CANT_CHANGE= ~$ADS_UF_PASSWORD_CANT_CHANGE
 
$UserFlags = $UserFlags & $NOT_ADS_UF_PASSWORD_CANT_CHANGE


That first sentence reminds me of an old English joke:

How can you use the word "and" five time consecutively in a sentence and still make sense?


Answer in white below (highlight it if you can't see it):

A fish and chip shop owner is having a new sign made. He comes out of the shop and says to the sign-writer:

"The sign is no good. You have not left enough space between FISH and AND and AND and CHIPS."
Top
#157400 - 2006-02-17 05:18 PM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
'~' (Binary Not ???)

is new too, aye ?
Man, too much work, too less fun recently

[edit]
Here is the same problem with a nice explanation by Richard : http://www.kixtart.org/ubbthreads/showfl...part=1&vc=1 [/edit]

Edited by Jochen (2006-03-15 04:37 PM)
_________________________



Top
#157401 - 2006-02-19 08:16 AM Re: ADS_USER_FLAG --- How to manipulate the right to change password ?
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
You should not be using the Xor function with UserFlags bit setting.

To set a any bit: $UserFlags | $BitValue
To clear any bit: $UserFlags & ~$BitValue.

All the bit value are listed on my site: http://home.comcast.net/~habullock/Win32Admin.htm#User

You can use the hex value or the decimal values.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
Page 1 of 1 1


Moderator:  Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 1183 anonymous users online.
details
Newest Members
batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.033 seconds in which 0.013 seconds were spent on a total of 12 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org