Active Directory userAccountControl flags

I was creating an Active Directory (AD) security auditing tool in Go and Python when I stumbled upon the UserAccountControl flags. This attribute can hold multiple statuses like ACCOUNTDISABLE, NORMAL_ACCOUNT, or DONT_EXPIRE_PASSWORD. It uses a bit-field; a bit-field is a group of bits with each bit representing a value. It is an efficient way of handling multiple statues of a record.

A tool that helps identify the property flags. Since a bit-field can hold a range of values, I need a tool that can help me look up the value it represents. I created a simple JavaScript application that converts decimal values and maps them to corresponding property flags. 

active-directory-useraccountcontrol-514

For example, I have a decimal value of 514 from the userAccountControl field. The application converts the value from 514 to its corresponding property flags (ACCOUNTDISABLE, NORMAL_ACCOUNT).

Decimal Value
  Property flag Value in hexadecimal Value in decimal
Property flag to Decimal

Leave a Reply