Discussion:
msDS-User-Account-Control-Computed
Federico
2005-04-11 16:50:57 UTC
Hi,
I need to read the ADSI property 'msDS-User-Account-Control-Computed'
as I do using ADSIEDIT; this is because I need to know an account is not
LOCKEDOUT after a system automatic de-lockout and before the user
logon (in this case the 'lockoutTime' is still NOT 0, so not useful...).

Why can't I?

I have an error reading the property in the standard way:

myDirectoryEntry.Properties["msDS-User-Account-Control-Computed"].Value

Thanks in advance,

Federico
Richa Kumar [MSFT]
2005-04-11 17:20:11 UTC
This is a computed attribute and is available only if the server is Windows
2003.

Assuming that AD supports this attribute, you will need to explicitly call
RefreshCache with this attribute name to load it into the DirectoryEntry's
property collection before trying to retrieve it.
Something as follows:

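// Request the constructed attribute by name so it is loaded into the property cache.
myDirectoryEntry.RefreshCache(new string[] {"msDS-User-Account-Control-Computed"});
object value = myDirectoryEntry.Properties["msDS-User-Account-Control-Computed"].Value;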

--Richa Kumar

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Federico
2005-04-13 08:19:24 UTC
YES! Thanks a lot!

Another question:
Why are only a limited number of the user attributes (the ADSIEDIT accessible ones)
accessible using

myDirectoryEntry.Properties["property_name"]

without using

myDirectoryEntry.RefreshCache(new string[] {"Property_name"});

instruction?

Federico
Joe Kaplan (MVP - ADSI)
2005-04-13 17:29:28 UTC
There are essentially 2 different kinds of attributes in AD; normal and
constructed. Normal attributes are returned as part of a "default" search
(which is what S.DS does under the hood when you get the properties).
Constructed attributes are only returned when they are requested
specifically by name. They are not returned from a default search.

RefreshCache essentially does a default search. RefreshCache(string[])
requests only the attributes you asked for, but can also request constructed
attributes because you list the attributes you want by name.

You can tell which attributes in AD are constructed or not by examining the AD
schema and looking at the systemFlags attribute on each attribute schema
object. The flag values are documented in the ADSI SDK as
ADS_SYSTEMFLAG_ENUM.

HTH,

Joe K.
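
The two points made in this thread, put together as an added example that is not code from any of the posters: it loads the constructed attribute by name with RefreshCache, decodes the lockout and password-expired bits, and checks the constructed bit of systemFlags on the attribute's schema object. It assumes a domain-joined machine with read access to the directory; the class and method names are hypothetical and the ADsPath in the comment is a constructed placeholder.

```csharp
using System;
using System.DirectoryServices;

static class ComputedUacExample
{
    // Bit values from ADS_USER_FLAG_ENUM and ADS_SYSTEMFLAG_ENUM in the ADSI SDK.
    const int UF_LOCKOUT = 0x10;
    const int UF_PASSWORD_EXPIRED = 0x800000;
    const int ATTR_IS_CONSTRUCTED = 0x4;
    const string ComputedUac = "msDS-User-Account-Control-Computed";

    // Constructed attributes must be requested by name before they appear in Properties.
    static int ReadComputedUac(DirectoryEntry user)
    {
        user.RefreshCache(new string[] { ComputedUac });
        object value = user.Properties[ComputedUac].Value;
        if (value == null)
            throw new InvalidOperationException(ComputedUac + " was not returned by the server.");
        return Convert.ToInt32(value);
    }

    // Finds the attributeSchema object and tests the constructed bit of systemFlags.
    // The name is a trusted constant here; escape it if it ever comes from user input.
    static bool IsConstructed(string ldapDisplayName)
    {
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var schema = new DirectoryEntry("LDAP://" + rootDse.Properties["schemaNamingContext"].Value))
        using (var searcher = new DirectorySearcher(schema,
            "(&(objectClass=attributeSchema)(lDAPDisplayName=" + ldapDisplayName + "))",
            new string[] { "systemFlags" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["systemFlags"].Count == 0) return false;
            return (Convert.ToInt32(hit.Properties["systemFlags"][0]) & ATTR_IS_CONSTRUCTED) != 0;
        }
    }

    static void Main(string[] args)
    {
        // args[0] is the user's ADsPath, e.g. LDAP://CN=Test User,OU=Staff,DC=example,DC=com
        using (var user = new DirectoryEntry(args[0]))
        {
            int flags = ReadComputedUac(user);
            Console.WriteLine("Locked out now:   " + ((flags & UF_LOCKOUT) != 0));
            Console.WriteLine("Password expired: " + ((flags & UF_PASSWORD_EXPIRED) != 0));
            Console.WriteLine("Constructed attr: " + IsConstructed(ComputedUac));
        }
    }
}
```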