2.2.1.12 USER_ACCOUNT Codes

These values are attributes of a user account and can be combined by using a bitwise OR operation. They are used in the UserAccountControl field for user objects. For more information, see section 2.2.6.1.

Constant/value

Description

USER_ACCOUNT_DISABLED

0x00000001

Specifies that the account is not enabled for authentication.

USER_HOME_DIRECTORY_REQUIRED

0x00000002

Specifies that the homeDirectory attribute is required.

USER_PASSWORD_NOT_REQUIRED

0x00000004

Specifies that the password-length policy does not apply to this user.

USER_TEMP_DUPLICATE_ACCOUNT

0x00000008

This bit is ignored by clients and servers.

USER_NORMAL_ACCOUNT

0x00000010

Specifies that the user is not a computer object.

USER_MNS_LOGON_ACCOUNT

0x00000020

This bit is ignored by clients and servers.

USER_INTERDOMAIN_TRUST_ACCOUNT

0x00000040

Specifies that the object represents a trust object. For more information about trust objects, see [MS-LSAD].

USER_WORKSTATION_TRUST_ACCOUNT

0x00000080

Specifies that the object is a member workstation or server.

USER_SERVER_TRUST_ACCOUNT

0x00000100

Specifies that the object is a DC.

USER_DONT_EXPIRE_PASSWORD

0x00000200

Specifies that the maximum-password-age policy does not apply to this user.

USER_ACCOUNT_AUTO_LOCKED

0x00000400

Specifies that the account has been locked out.

USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED

0x00000800

Specifies that the cleartext password is to be persisted.

USER_SMARTCARD_REQUIRED

0x00001000

Specifies that the user can authenticate only with a smart card.

USER_TRUSTED_FOR_DELEGATION

0x00002000

This bit is used by the Kerberos protocol. It indicates that the "OK as Delegate" ticket flag (described in [RFC4120] section 2.8) is to be set.

USER_NOT_DELEGATED

0x00004000

This bit is used by the Kerberos protocol. It indicates that the ticket-granting tickets (TGTs) of this account and the service tickets obtained by this account are not marked as forwardable or proxiable when the forwardable or proxiable ticket flags are requested. For more information, see [RFC4120].

USER_USE_DES_KEY_ONLY

0x00008000

This bit is used by the Kerberos protocol. It indicates that only des-cbc-md5 or des-cbc-crc keys (as defined in [RFC3961]) are used in the Kerberos protocol for this account.

USER_DONT_REQUIRE_PREAUTH

0x00010000

This bit is used by the Kerberos protocol. It indicates that the account is not required to present valid pre-authentication data, as described in [RFC4120] section 7.5.2.

USER_PASSWORD_EXPIRED

0x00020000

Specifies that the password age on the user has exceeded the maximum password age policy.

USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION

0x00040000

This bit is used by the Kerberos protocol, as specified in [MS-KILE] section 3.3.1.1.

USER_NO_AUTH_DATA_REQUIRED

0x00080000

This bit is used by the Kerberos protocol. It indicates that when the key distribution center (KDC) is issuing a service ticket for this account, the privilege attribute certificate (PAC) is not to be included. For more information, see [RFC4120].

USER_PARTIAL_SECRETS_ACCOUNT

0x00100000

Specifies that the object is a read-only domain controller (RODC).

USER_USE_AES_KEYS

0x00200000

This bit is ignored by clients and servers.