VBScript–Active Directory Account Attributes

Below is a script that outputs the Active Directory userAccountControl flags currently set on an individual account (password never expires, user cannot change password, etc.), one line per flag.

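' Bind to a single user object by distinguished name. Replace the placeholder
' DN components (UserName, OUName, dcprefix, dcsuffix) with real values.
Set objUser = GetObject("LDAP://cn=UserName,ou=OUName,dc=dcprefix,dc=dcsuffix")

' userAccountControl is a bit field; each ADS_UF_* constant below is one bit.
' Caveat: the LOCKOUT and PASSWORD_EXPIRED bits are not maintained in the
' stored userAccountControl attribute; AD exposes them through the
' constructed attribute msDS-User-Account-Control-Computed instead. Reading
' userAccountControl alone therefore never reports those two states.
intUAC = objUser.Get("userAccountControl")

' Flag constants (hex values as documented for userAccountControl).
Const ADS_UF_SCRIPT = &H1
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_HOMEDIR_REQUIRED = &H8
Const ADS_UF_LOCKOUT = &H10
Const ADS_UF_PASSWD_NOTREQD = &H20
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80
Const ADS_UF_TEMP_DUPLICATE_ACCOUNT = &H100
Const ADS_UF_NORMAL_ACCOUNT = &H200
Const ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = &H800
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &H1000
Const ADS_UF_SERVER_TRUST_ACCOUNT = &H2000
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_UF_MNS_LOGON_ACCOUNT = &H20000
Const ADS_UF_SMARTCARD_REQUIRED = &H40000
Const ADS_UF_TRUSTED_FOR_DELEGATION = &H80000
Const ADS_UF_NOT_DELEGATED = &H100000
Const ADS_UF_USE_DES_KEY_ONLY = &H200000
Const ADS_UF_DONT_REQUIRE_PREAUTH = &H400000
Const ADS_UF_PASSWORD_EXPIRED = &H800000
Const ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &H1000000

' Output is collected as dictionary keys (the value is unused) so that the
' header line and each flag description are printed in insertion order.
Set dictUser = CreateObject("Scripting.Dictionary")
' The original used the undeclared name TextCompare, which evaluates to Empty
' (0 = binary compare). vbTextCompare is the built-in constant that was meant.
' CompareMode may only be set while the dictionary is still empty, so it is
' assigned before the first Add.
dictUser.CompareMode = vbTextCompare
dictUser.Add "List of account attributes currently enabled:", ""

' The flags that are reported. ADS_UF_SCRIPT is declared above but is
' deliberately not part of this list, matching the original behaviour.
Dim arrUserAttrib
arrUserAttrib = Array( _
    ADS_UF_ACCOUNTDISABLE, _
    ADS_UF_HOMEDIR_REQUIRED, _
    ADS_UF_LOCKOUT, _
    ADS_UF_PASSWD_NOTREQD, _
    ADS_UF_PASSWD_CANT_CHANGE, _
    ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, _
    ADS_UF_TEMP_DUPLICATE_ACCOUNT, _
    ADS_UF_NORMAL_ACCOUNT, _
    ADS_UF_INTERDOMAIN_TRUST_ACCOUNT, _
    ADS_UF_WORKSTATION_TRUST_ACCOUNT, _
    ADS_UF_SERVER_TRUST_ACCOUNT, _
    ADS_UF_DONT_EXPIRE_PASSWD, _
    ADS_UF_MNS_LOGON_ACCOUNT, _
    ADS_UF_SMARTCARD_REQUIRED, _
    ADS_UF_TRUSTED_FOR_DELEGATION, _
    ADS_UF_NOT_DELEGATED, _
    ADS_UF_USE_DES_KEY_ONLY, _
    ADS_UF_DONT_REQUIRE_PREAUTH, _
    ADS_UF_PASSWORD_EXPIRED, _
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION)

' Test each bit with a bitwise And; a set bit is described by AddUserFlag.
For Each attrib In arrUserAttrib
    If (intUAC And attrib) <> 0 Then
        AddUserFlag attrib
    End If
Next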

 

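' Adds a one-line description of a single userAccountControl flag to the
' script-level dictUser dictionary (the value is unused; only the key is
' printed later). attrib must be one of the ADS_UF_* constants declared at
' the top of the script; any other value is silently ignored. Because the
' description is used as a dictionary key, passing the same flag twice
' would raise a duplicate-key error - the caller walks a fixed list, so
' each flag arrives at most once. Returns nothing.
Function AddUserFlag(attrib)
    ' Case labels use the named constants rather than their decimal values
    ' so that each branch can be checked against the declarations.
    Select Case attrib
        Case ADS_UF_ACCOUNTDISABLE
            dictUser.Add " - The user account is disabled. (ADS_UF_ACCOUNTDISABLE)", ""
        Case ADS_UF_HOMEDIR_REQUIRED
            dictUser.Add " - The user account home directory is required. (ADS_UF_HOMEDIR_REQUIRED)", ""
        Case ADS_UF_LOCKOUT
            ' Note: this bit is not reliably present in the stored
            ' userAccountControl value; see msDS-User-Account-Control-Computed.
            dictUser.Add " - The account is currently locked out. (ADS_UF_LOCKOUT)", ""
        Case ADS_UF_PASSWD_NOTREQD
            ' Security: permits an empty password; accounts with this set
            ' should be reviewed.
            dictUser.Add " - No password is required. (ADS_UF_PASSWD_NOTREQD)", ""
        Case ADS_UF_PASSWD_CANT_CHANGE
            dictUser.Add " - The user cannot change the password. (ADS_UF_PASSWD_CANT_CHANGE)", ""
        Case ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
            ' Security: the password is stored using reversible encryption.
            dictUser.Add " - The user can send an encrypted password. (ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)", ""
        Case ADS_UF_TEMP_DUPLICATE_ACCOUNT
            dictUser.Add " - The users primary account is in another domain. (ADS_UF_TEMP_DUPLICATE_ACCOUNT)", ""
        Case ADS_UF_NORMAL_ACCOUNT
            dictUser.Add " - The account type is normal. (ADS_UF_NORMAL_ACCOUNT)", ""
        Case ADS_UF_INTERDOMAIN_TRUST_ACCOUNT
            dictUser.Add " - The account is setup as an Interdomain Trust Account. (ADS_UF_INTERDOMAIN_TRUST_ACCOUNT)", ""
        Case ADS_UF_WORKSTATION_TRUST_ACCOUNT
            dictUser.Add " - This is a computer account for a Windows 2000 Professional or Windows 2000 Server that is a member of this domain. (ADS_UF_WORKSTATION_TRUST_ACCOUNT)", ""
        Case ADS_UF_SERVER_TRUST_ACCOUNT
            dictUser.Add " - This is a computer account for a system backup domain controller that is a member of this domain. (ADS_UF_SERVER_TRUST_ACCOUNT)", ""
        Case ADS_UF_DONT_EXPIRE_PASSWD
            dictUser.Add " - The user account password is set to not expire. (ADS_UF_DONT_EXPIRE_PASSWD)", ""
        Case ADS_UF_MNS_LOGON_ACCOUNT
            dictUser.Add " - This is an Majority Node Set (MNS) logon account. (ADS_UF_MNS_LOGON_ACCOUNT)", ""
        Case ADS_UF_SMARTCARD_REQUIRED
            dictUser.Add " - The user must log on using a smart card. (ADS_UF_SMARTCARD_REQUIRED)", ""
        Case ADS_UF_TRUSTED_FOR_DELEGATION
            ' Security: unconstrained Kerberos delegation; treat such
            ' accounts as high-value and keep the list short.
            dictUser.Add " - The user account is trusted for Kerberos delegation. (ADS_UF_TRUSTED_FOR_DELEGATION)", ""
        Case ADS_UF_NOT_DELEGATED
            dictUser.Add " - The user account security context will not be delegated to a service even if the service account is set as trusted for Kerberos delegation. (ADS_UF_NOT_DELEGATED)", ""
        Case ADS_UF_USE_DES_KEY_ONLY
            ' Security: restricts Kerberos keys to DES, a weak cipher.
            ' (Wording fixed: the original read "restricted this to use".)
            dictUser.Add " - The user account is restricted to use only Data Encryption Standard (DES) encryption types for keys. (ADS_UF_USE_DES_KEY_ONLY)", ""
        Case ADS_UF_DONT_REQUIRE_PREAUTH
            ' Security: disables Kerberos pre-authentication for the account,
            ' weakening credential protection; audit accounts with this set.
            dictUser.Add " - The user account does not require Kerberos preauthentication for logon. (ADS_UF_DONT_REQUIRE_PREAUTH)", ""
        Case ADS_UF_PASSWORD_EXPIRED
            ' The flag refers to the password, not the account; the original
            ' text said "The user account is expired". Like LOCKOUT, this bit
            ' is only surfaced via msDS-User-Account-Control-Computed.
            dictUser.Add " - The user account password is expired. (ADS_UF_PASSWORD_EXPIRED)", ""
        Case ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
            dictUser.Add " - The user account is enabled for delegation. (ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION)", ""
    End Select
End Function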

 

' Emit the collected lines: the header key first, then one line per flag
' that was found set, in the order they were added to dictUser.
coldictUser = dictUser.Keys
For idx = 0 To dictUser.Count - 1
    WScript.Echo coldictUser(idx)
Next
