Active Directory user accounts have an attribute called userAccountControl, which controls options such as Account Lockout, Account Disabled, Password Never Expires and User Cannot Change Password. The attribute holds a single integer value; from that value the system knows which options are enabled and which are disabled. The value 512 is the base value for all normal user accounts. For the full list of integers that make up this attribute, refer to the following KB article.
http://support.microsoft.com/kb/305144
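The integer described above can be decoded into its individual flags. The following is an added example, not code from the original post: the flag values are the ones documented in the KB article, while the account names, the sample values other than 512 and the choice of which flags to review are assumptions made for illustration.

```python
# Added example: decode an Active Directory userAccountControl integer.
# Flag values are those documented in Microsoft KB 305144.
UAC_FLAGS = {
    0x0001: "SCRIPT", 0x0002: "ACCOUNTDISABLE",
    0x0008: "HOMEDIR_REQUIRED", 0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD", 0x0040: "PASSWD_CANT_CHANGE",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED", 0x0100: "TEMP_DUPLICATE_ACCOUNT",
    0x0200: "NORMAL_ACCOUNT", 0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT", 0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD", 0x20000: "MNS_LOGON_ACCOUNT",
    0x40000: "SMARTCARD_REQUIRED", 0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED", 0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH", 0x800000: "PASSWORD_EXPIRED",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
    0x4000000: "PARTIAL_SECRETS_ACCOUNT",
}
# Flags this example treats as worth a review (the example's own policy).
REVIEW = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED", "DONT_EXPIRE_PASSWORD",
          "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH", "TRUSTED_FOR_DELEGATION"}
# Constructed sample data: (hypothetical account name, userAccountControl value).
SAMPLE = [("alice", 512), ("svc-backup", 66048),
          ("legacy-app", 4194816), ("old-temp", 546)]

def decode_uac(value):
    """Return (names of the flags that are set, bits not present in the table)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    known = 0
    for bit in UAC_FLAGS:
        known |= bit
    return names, value & ~known

def audit(accounts):
    """Map each account that has review-worthy or unknown bits to its findings."""
    findings = {}
    for name, uac in accounts:
        flags, unknown = decode_uac(uac)
        risky = [f for f in flags if f in REVIEW]
        if risky or unknown:
            findings[name] = {"enabled": "ACCOUNTDISABLE" not in flags,
                              "review": risky, "unknown_bits": unknown}
    return findings

if __name__ == "__main__":
    for account, uac in SAMPLE:
        print(account, uac, decode_uac(uac)[0])
    print(audit(SAMPLE))
```
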
AD LDS (ADAM) does not support the userAccountControl attribute. Instead, AD LDS uses several individual attributes to hold the information that is contained in the flags of the userAccountControl attribute.
For a list of these attributes please refer to the following MSDN article:
http://msdn.microsoft.com/en-us/library/aa772124.aspx
Any userAccountControl flags that are not listed in that article are not supported by AD LDS.
Wednesday, June 15, 2011

Excellent Article! I personally really appreciate your post. This is a great website. I will make sure that I stop back again!
Hi Clint,
I have MS Win2008 R2, an AD server DC with LDAP services enabled on it. Also an MS Exch 2010 server with it.
My third-party Cisco devices are getting AD account synchronization, and I can see all my user accounts in the management console of Cisco Call Manager, but when I try to log in to the Cisco device Call Manager, it gives me a BAD Credentials error. Can you please help me in this regard?
Bundle of Thanks,
MAZ
Hi Maz,
Sure, I'm happy to assist. Please get in contact with me by flicking through an email to Clint.boessen@avantgardetechnologies.com.au