0

I have been working with System.DirectoryServices for a while in a project involving Active Directory. I am curious on the implementation of the UserAccountControl property to control the attributes of a particular account. If I wanted to implement settings in my own applications using a combination of bytes to determine the state of x or y setting, how would I go about doing this in C#? Say that I would like to implement a useraccountcontrol property on my own class and I want to use a combination of bytes to determine which permissions the account should have.

Here is the way it is modified in Active Directory: http://support.microsoft.com/kb/305144

and here is the place with the object definition: http://msdn.microsoft.com/en-us/library/ms680832%28VS.85%29.aspx

Edit:

Say that I have a User class of my own and I want to implement a property similar to the way UserAccountControl is implemented in Active Directory. Let's say I want to have a set of four bytes storing the settings.

I want to use the last byte to determine the account status, 0 = Account Inactive 1= Account Active 2=Account Expired 4=Some Other Status 8=Yet Another Status.

Then the next byte to the left I want to contain the account type: 16=Admin Account, 32=Regular Account, 64=Guest Account, 128 = Other Account.

Then use the next byte to the left to set some other setting so that 256 = something, 512 = something else, 1024 = something else, etc.

I would like to combine this to use bitwise combinations to set the account properties. I have the idea in my head, but I am not sure how to implement it, or if it even makes sense what I am trying to do.

Edit: After receiving the answer and doing some more digging I found this link that talks more about setting Flags: http://msdn.microsoft.com/en-us/library/ms229062.aspx

jangeador
  • 594
  • 1
  • 6
  • 17
  • 1
    Sorry Whats your question? Do you want to know which combinations come out given a hex value? – Raymund Nov 02 '10 at 22:13
  • I edited the question adding more information, perhaps it makes more sense now. – jangeador Nov 02 '10 at 22:38
  • I am not sure how to do this, but my question is related to http://stackoverflow.com/questions/8447/enum-flags-attribute in case someone knows how to link it. – jangeador Nov 03 '10 at 01:12

1 Answers1

1

Let's define a helper type:

[Flags]
public enum UserAccountControl {
    // values from http://support.microsoft.com/kb/305144
    Script = 0x0001,
    AccountDisabled = 0x0002,
    HomeDirRequired = 0x0008,
    Lockout = 0x0010,
    PasswordNotRequired = 0x0020,
    PasswordCantChange = 0x0040,
    EncryptedTextPasswordAllowed = 0x0080,
    TempDuplicateAccount = 0x0100,
    NormalAccount = 0x0200,
    InterDomainTrustAccount = 0x0800,
    WorkstationTrustAccount = 0x1000,
    ServerTrustAccount = 0x2000,
    DontExpirePassword = 0x10000,
    MnsLogonAccount = 0x20000,
    SmartcardRequired = 0x40000,
    TrustedForDelegation = 0x80000,
    Delegated = 0x100000,
    UseDesKeyOnly = 0x200000,
    DontReqPreauth = 0x400000,
    PasswordExpired = 0x800000,
    TrustedToAuthForDelegation = 0x1000000
}

You can cast between int and enum types (I'm assuming you know how to get one of these values as an integer). Then you could manipulate values using the bitwise operators as follows:

void manipulateUserFlags(UserAccountControl uac) {
    // Set the SCRIPT flag (bitwise OR)
    uac |= UserAccountControl.Script;

    // Clear the ACCOUNTDISABLE flag (complement, bitwise AND)
    uac &= ~UserAccountControl.AccountDisabled;

    // Check for the HOMEDIR_REQUIRED flag (bitwise AND)
    if((uac & UserAccountControl.HomeDirRequired) != UserAccountControl.None) {
        // ...
    }

    // Toggle the NORMAL_ACCOUNT flag (bitwise XOR)
    uac ^= UserAccountControl.NormalAccount;

    // Check for several types of trust, and a required password
    if((uac & UserAccountControl.WorkstationTrustAccount
            & UserAccountControl.ServerTrustAccount
            & ~UserAccountControl.PasswordNotRequired) != UserAccountControl.None) {
        // ...
    }
}

Those are the same bitwise operators that work for integers, but enum types are recommended in C# because they are more strongly-typed. Bitwise manipulation of integers makes a lot more sense in C or C++, because you can test directly on integers in conditionals and because those languages aren't as strongly-typed anyway.

However, if you are going to be implementing this as part of a library, or doing these operations commonly, I'd consider putting more of a design around it, with several enum-based properties that represent groups of similar settings, and int ToADValue and UserAccountControl FromADValue methods. This would give you a clear place to put any validation logic, and it would make code that manipulates these properties even more readable.

We Are All Monica
  • 13,000
  • 8
  • 46
  • 72