>clear > >* cDomain = "mydomain" >cDomain = inputbox("Please specify what domain you want to use:") > >cUserName = alltrim(substr(sys(0), at("#", sys(0)) + 1)) >cComputer = alltrim(left(sys(0), at("#", sys(0)) - 1)) > >* Note these moniker types are case-sensitive: Winnt:// *will not work* > >oUser = getobject("WinNT://" + cDomain + "/" + cUserName + ",user") > >* The AccountDisabled property doesn't appear in the property list (why ??) >* (Neither do properties inherited from parent class (IADs) >* like ADSPath, GUID, Schema) > >if oUser.AccountDisabled > ? "Account is disabled" > ? >endif > >? "User properties for " + cUserName >* Populate the properties (the data may be there but the propertycount >* isn't until this has been called) >oUser.GetInfo() >ShowProperties(oUser) > >? >? "Group properties for " >for each oGroup in oUser.Groups > ?? ['] + oGroup.name + ['] > ShowProperties(oGroup) > * One will suffice. > exit >next >? > >oComputer = getobject("WinNT://" + cDomain + "/" + cComputer + ",computer") >oComputer.GetInfo() > >? "Workstation properties for " + cComputer >ShowProperties(oComputer) > >procedure ShowProperties > > lparameters oObject > > for nCount = 0 to oObject.PropertyCount - 1 > > * Access the properties collection. > oProperty = oObject.item[nCount] > ? oProperty.name > if not isnull(oProperty.values) > > for each oValue in oProperty.values > vValue = GetPropertyValue(oValue) > ?? " : " + transform(vValue) > > if oProperty.name = "UserFlags" > GetUserRights(vValue) > endif > > next > > endif > next > >endproc > >procedure GetPropertyValue > > lparameters oValue > > local vValue, nType > nType = oValue.ADSType > > * Each type has it's own method to return the value (note to designer - ??) > > do case > case nType = 1 > vValue = oValue.DNString() > > case nType = 2 > vValue = oValue.CaseExactString() > > case nType = 3 > vValue = oValue.CaseIgnoreString() > > case nType = 4 > vValue = oValue.PrintableString() > > case nType = 5 > vValue = oValue.NumericString() > > case nType = 6 > vValue = oValue.Boolean() > > case nType = 7 > * Reserved word > vValue = oValue.integer() > > case nType = 8 > vValue = oValue.OctetString() > > case nType = 9 > vValue = oValue.UTCTime() > > case nType = 10 > vValue = oValue.LargeInteger() > > case nType = 25 > vValue = oValue.SecurityDescriptor() > > otherwise > * Other types can't be obtained through this interface. > vValue = .null. > > endcase > > return vValue > >endproc > >procedure GetUserRights > > lparameters nFlags > > if bittest(nFlags, 0) && ADS_UF_SCRIPT, 1 > ? "The logon script is executed." > endif > > if bittest(nFlags, 1) && ADS_UF_ACCOUNTDISABLE, 2 > ? "The user account is disabled." > endif > > if bittest(nFlags, 2) && ?? > ? "The third bit is set." > endif > > if bittest(nFlags, 3) && ADS_UF_HOMEDIR_REQUIRED, 8 > ? "The home directory is required." > endif > > if bittest(nFlags, 4) && ADS_UF_LOCKOUT, 16 > ? "The account is currently locked out." > endif > > if bittest(nFlags, 5) && ADS_UF_PASSWD_NOTREQD, 32 > ? "No password is required." > endif > > if bittest(nFlags, 6) && ADS_UF_PASSWD_CANT_CHANGE, 64 > ? "The user cannot change the password." > endif > > if bittest(nFlags, 7) && ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, 128 > ? "The user can send an encrypted password." > endif > > if bittest(nFlags, 8) && ADS_UF_TEMP_DUPLICATE_ACCOUNT, 256 > ? "This is an account for users whose primary account is in another domain." > endif > > if bittest(nFlags, 9) && ADS_UF_NORMAL_ACCOUNT, 512 > ? "This is a default account type that represents a normal user." > endif > > if bittest(nFlags, 10) && ?? > ? "The tenth bit is set." > endif > > if bittest(nFlags, 11) && ADS_UF_INTERDOMAIN_TRUST_ACCOUNT, 2048 > ? "This is a permit to trust account for a system domain that trusts other domains." > endif > > if bittest(nFlags, 12) && ADS_UF_WORKSTATION_TRUST_ACCOUNT, 4096 > ? "This is an account for a computer which is a member of this domain." > endif > > if bittest(nFlags, 13) && ADS_UF_SERVER_TRUST_ACCOUNT, 8192 > ? "This is a computer account for a system backup domain controller that is a member of this domain." > endif > > if bittest(nFlags, 16) && ADS_UF_DONT_EXPIRE_PASSWD, 65536 > ? "The password will not expire on this account." > endif > > if bittest(nFlags, 23) && ADS_UF_PASSWORD_EXPIRED, 8388608 > ? "The user's password has expired." > endif > > ? > > * Etc. See http://msdn.microsoft.com/library/en-us/adsi/adsi/ads_user_flag_enum.asp > * for the rest and for the full descriptions. > * They are mostly security related: Kerberos, smartcards, DES etc. > >endproc > >* User rights constants > >* Not all bits are defined here. Some may be for internal use? >#define ADS_UF_SCRIPT 1 >#define ADS_UF_ACCOUNTDISABLE 2 >#define ADS_UF_HOMEDIR_REQUIRED 8 >#define ADS_UF_LOCKOUT 16 >#define ADS_UF_PASSWD_NOTREQD 32 >#define ADS_UF_PASSWD_CANT_CHANGE 64 >#define ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 128 >#define ADS_UF_TEMP_DUPLICATE_ACCOUNT 256 >#define ADS_UF_NORMAL_ACCOUNT 512 >#define ADS_UF_INTERDOMAIN_TRUST_ACCOUNT 2048 >#define ADS_UF_WORKSTATION_TRUST_ACCOUNT 4096 >#define ADS_UF_SERVER_TRUST_ACCOUNT 8192 >#define ADS_UF_DONT_EXPIRE_PASSWD 65536 >#define ADS_UF_MNS_LOGON_ACCOUNT 131072 >#define ADS_UF_SMARTCARD_REQUIRED 262144 >#define ADS_UF_TRUSTED_FOR_DELEGATION 524288 >#define ADS_UF_NOT_DELEGATED 1048576 >#define ADS_UF_USE_DES_KEY_ONLY 2097152 >#define ADS_UF_DONT_REQUIRE_PREAUTH 4194304 >#define ADS_UF_PASSWORD_EXPIRED 8388608 >#define ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 16777216 > >* Property type constants > >#define ADSTYPE_INVALID 0 && The data type is invalid. >#define ADSTYPE_DN_STRING 1 && the string is a Distinguished Name (path) of a directory service object. >#define ADSTYPE_CASE_EXACT_STRING 2 && the string is the case-sensitive type. >#define ADSTYPE_CASE_IGNORE_STRING 3 && the string is the case-insensitive type. >#define ADSTYPE_PRINTABLE_STRING 4 && The string is displayable on screen or in print. >#define ADSTYPE_NUMERIC_STRING 5 && the string is a numeral to be interpreted as text. >#define ADSTYPE_BOOLEAN 6 && the data is a Boolean value. >#define ADSTYPE_INTEGER 7 && the data is an integer value. >#define ADSTYPE_OCTET_STRING 8 && the string is a byte array. >#define ADSTYPE_UTC_TIME 9 && the data is the universal time as expressed in Universal Time Coordinate (UTC). >#define ADSTYPE_LARGE_INTEGER 10 && the data is a long integer value. >#define ADSTYPE_PROV_SPECIFIC 11 && the string is a provider-specific string. >#define ADSTYPE_OBJECT_CLASS 12 && Not used. >#define ADSTYPE_CASEIGNORE_LIST 13 && the data is a list of case insensitive strings. >#define ADSTYPE_OCTET_LIST 14 && the data is a list of octet strings. >#define ADSTYPE_PATH 15 && the string is a directory path. >#define ADSTYPE_POSTALADDRESS 16 && the string is the postal address type. >#define ADSTYPE_TIMESTAMP 17 && the data is a time stamp in seconds. >#define ADSTYPE_BACKLINK 18 && the string is a back link. >#define ADSTYPE_TYPEDNAME 19 && the string is a typed name. >#define ADSTYPE_HOLD 20 && the data is the Hold data structure. >#define ADSTYPE_NETADDRESS 21 && the string is a net address. >#define ADSTYPE_REPLICAPOINTER 22 && the data is a replica pointer. >#define ADSTYPE_FAXNUMBER 23 && the string is a fax number. >#define ADSTYPE_EMAIL 24 && the data is an e-mail message. >#define ADSTYPE_NT_SECURITY_DESCRIPTOR 25 && the data is Windows NT/Windows 2000 security descriptor as represented by a byte array. >#define ADSTYPE_UNKNOWN 26 && the data is an undefined type. >#define ADSTYPE_DN_WITH_BINARY 27 && The data is used for mapping a distinguished name to a non varying GUID. >#define ADSTYPE_DN_WITH_STRING 28 && The data is used for mapping a distinguished name to a non-varying string value. > >