CODEWITHSUNDEEP
windowspowershelluser-management
User 5842
User 5842

Reputation: 3029

Modifying UserAccountControl Flags - Toggling a Flag

I am wondering if there is a way to toggle a UserAccountControl flag on or off despite the other flags' states. For example, let's say we have a configuration like the following:

Admin Flag Configuration

How would I only toggle the 'Password never expires' flag to true despite the current $user.UserFlags.value?

When all of the flags are toggled off, the $user.UserFlags.value is 513. When only the 'Password never expires' flag is toggled, the $user.UserFlags.value is 66049.

As you can imagine, there are a range of numbers that the $user.UserFlags.value can reflect for different configurations as mentioned in the following article:

How to use the UserAccountControl flags to manipulate user account properties

I feel like I can come up with a solution using bit-wise manipulation with masks but need some guidance. My end goal is to write a Power Shell script to toggle this value on no matter what the current configuration may be.

Any suggestions?

Upvotes: 0

Views: 1014

Answers (1)

Ansgar Wiechers
Ansgar Wiechers

Reputation: 200473

The operation you're looking for is XOR. Use the bitwise XOR operator (-bxor) to conflate the current UserFlags value with the flag you want to toggle (in this case 0x10000 or 65536 for the flag DONT_EXPIRE_PASSWORD) and commit the change:

$user.InvokeSet('UserFlags', $user.UserFlags.Value -bxor 0x10000)
$user.CommitChanges()

For more information see the "Bitwise Operators" section in about_Comparison_Operators.

Upvotes: 1

Related Questions