NerdyHearn
Home
Blog

Contact
Mailing List

Software

Active Directory Products
Object Compare
Permission Compare

IPhone Products
Calls To Calendar
SMS To CSV
SMS To Gmail
Voicemail To Gmail

Sites
DocuTerminal
How Long For Me
My Music To Me
SaveMySerials
TypeCount

Blog
Twitter

NerdyHearn - Blog


<< Back To All Blogs

Bitmasking userAccountControl attribute in LDAP from C#

Wednesday, April 8th, 2009

As I have been doing some LDAP work lately, it is very important that one becomes accustomed to bitmasking while pulling information in C#. Many of the very low-level attributes and rights are stored as maskable integers.

Bitmasking is simply ANDing the integer value with a pre-defined binary integer to see if it equals 0 or the integer itself. If it equals 0, your test-case has resolved to not being flagged for that bit.

The userAccountControl attribute in all Active Directory user type objects is how you can determine if an account has, for example, been disabled. There are a number of different types of information you can pull from this field, but for my example I will use to check if the account has been disabled.

The bit-value integer for disabled is 0x2, which is an integer-value of 2.

In order to check if this flag is set, we do the following:

int myvalue = 512;
int maskvalue = 2; // This could also be int maskvalue = 0x2;
int result = myvalue & maskvalue;

if (result == maskvalue) {
// It is disabled, BOOOO
} else {
// It is enabled, YAY
}

This is just one of the many fields you can check for in LDAP using bit-masking.

In the case of the userAccountControl, I created an enum with all available values because we might be using these again in the future. This enum is as follows:

public enum LdapUserAccountFlags
{
Script = 1,
AccountDisabled = 2,
HomeDirectoryRequred = 8,
LockedOut = 16,
PasswordNotRequred = 32,
CannotChangePassword = 64,
EncryptedTextPasswordAllowed = 128,
TemporaryDuplicateAccount = 256,
NormalAccount = 512,
InterdomainTrustAccount = 2048,
WorkstationTrustAccount = 4096,
ServerTrustAccount = 8192,
NeverExpirePassword = 65536,
MNSLogonAccount = 131072,
SmartcardRequired = 262144,
TrustedForDelegation = 524288,
NotDelegated = 1048576,
UseDESKeyOnly = 2097152,
DontRequirePreAuth = 4194304,
PasswordExpired = 8388608,
TrustedToAuthForDelegation = 16777216
}

You can then bitmask the specific enum value, without having to remember all of the pre-defined constant integers provided by Microsoft.

Bitmaskin' Tom Out.


Tags

CSharp LDAP

Related Blogs

Creating a reusable web client for PUT, POST, and DELETE in C#
Resizing Images in C#

Fixing "Error in loading DLL" in SharePoint
Creating an MD5 String Extension method in C#

Comments

Currently no comments.

Add A Comment

Name:


URL:


Email Address: (not public, used to send notifications on further comments)


Comments:



Enter the text above, except for the 1st and last character:


NerdyHearn - Latest tech news relating to C#, ASP.NET, SharePoint, PHP, general development, and more. DocuTerminal - Online Filing Cabinet solution. Scan, search and archive your paper documents. SaveMySerials - Protect yourself from theft, fire, natural disasters and more by recording your serial numbers My Music To Me - Stream your subsonic music collection to your Sonos wireless system TypeCount - Count how often you type across different computers! ServrTrackr - Monitor your SSL certificates, website uptime, and DNS configurations