User Account Control (UAC) in Active Directory is a numerical value that defines the status and properties of user accounts. Microsoft represents this value as a set of bitwise flags, where each flag indicates a specific account property.
Examples:
512 (NORMAL_ACCOUNT): The account is active and a standard user.
514 (ACCOUNTDISABLE): The account is disabled.
544 (NORMAL_ACCOUNT + PASSWD_NOTREQD): Account that does not require a password.
66048 (PASSWORD_EXPIRED): The password has expired.
These values are critical in Active Directory management to check the security and availability of user accounts. The most common use is to determine whether an account is enabled or disabled.
To check with PowerShell:
Get-ADUser -Identity username -Properties userAccountControl | Select-Object Name, userAccountControl
UserAccountControl Values
512 NORMAL_ACCOUNT Normal, active user account
514 ACCOUNTDISABLE Account is disabled
544 NORMAL_ACCOUNT + PASSWD_NOTREQD Account does not require a password
66048 PASSWORD_EXPIRED User’s password has expired
8388608 DONT_EXPIRE_PASSWORD Password never expires
4194304 SMARTCARD_REQUIRED Smart card is required for logon
262144 TRUSTED_FOR_DELEGATION Account is trusted for delegation
65536 DONT_REQUIRE_PREAUTH Kerberos preauthentication not required (security risk)
2 ACCOUNTDISABLE Account disabled (can appear standalone)
© 2025 UAC value - All Rights Reserved.
uacvalue.com is a subsidiary of lab101.info
[email protected]