PowerShell Script to Query UserAccountControl Flags

One of the services I provide as a Premier Field Engineer is performing health and security assessments in a customer’s environment and providing them a detailed report.  Recently I was performing an Offline Assessment for Active Directory Security for a customer and several accounts were flagged that had some non-standard userAccountControl flags set. The user…

2

How to Query Individual Properties of the "userAccountControl" Active Directory User property using LDAP

I was working with a customer this week who was asking me how to query Active Directory for valid, active users accounts that were not service accounts.  I made a couple of assumptions; an active account would not be disabled and only service accounts would be set to PASSWORD NEVER EXPIRES.   Initially I tried to query the…

4