USER ACCOUNT CONTROL ATTRUBUTE

Click to use the free calculation tool or you can click on the Calculation tool from the Menu

User Account Control (UAC) in Active Directory is a numerical value that defines the status and properties of user accounts. Microsoft represents this value as a set of bitwise flags, where each flag indicates a specific account property.

Examples:

512 (NORMAL_ACCOUNT): The account is active and a standard user.

514 (ACCOUNTDISABLE): The account is disabled.

544 (NORMAL_ACCOUNT + PASSWD_NOTREQD): Account that does not require a password.

66048 (PASSWORD_EXPIRED): The password has expired.

These values are critical in Active Directory management to check the security and availability of user accounts. The most common use is to determine whether an account is enabled or disabled.



To check with PowerShell:

Get-ADUser -Identity username -Properties userAccountControl | Select-Object Name, userAccountControl


UserAccountControl Values

512                NORMAL_ACCOUNT                                                     Normal, active user account
514                ACCOUNTDISABLE                                                        Account is disabled
544               NORMAL_ACCOUNT + PASSWD_NOTREQD           Account does not require a password
66048          PASSWORD_EXPIRED                                                    User’s password has expired
8388608     DONT_EXPIRE_PASSWORD                                          Password never expires
4194304      SMARTCARD_REQUIRED                                              Smart card is required for logon
262144        TRUSTED_FOR_DELEGATION                                      Account is trusted for delegation
65536          DONT_REQUIRE_PREAUTH                                          Kerberos preauthentication not required (security risk)
2                   ACCOUNTDISABLE                                                         Account disabled (can appear standalone)