• Home
• com.hairyfatguy
• com_hfg
• 20240404
• source code
• UserAccountControlFlag.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.hfg.ldap.ad.UserAccountControlFlag Maven / Gradle / Ivy

package com.hfg.ldap.ad;


import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

//------------------------------------------------------------------------------
/**
 Active Directory user account control flags.
 

  These are the default UserAccountControl values for the certain objects:
  

   
Typical user : 0x200 (512)
   
Domain controller : 0x82000 (532480)
   
Workstation/server: 0x1000 (4096)
  
 
 

 @author J. Alex Taylor, hairyfatguy.com
 
 */
//------------------------------------------------------------------------------
// com.hfg XML/HTML Coding Library
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
// J. Alex Taylor, President, Founder, CEO, COO, CFO, OOPS hairyfatguy.com
// [email protected]
//------------------------------------------------------------------------------

public enum UserAccountControlFlag
{
   /** The logon script will be run. */
   SCRIPT(1),
   /** The user account is disabled. */
   ACCOUNTDISABLE(2),
   /** The home folder is required. */
   HOMEDIR_REQUIRED(8),
   /** The user account is locked. */
   LOCKOUT(16),
   /** No password is required. */
   PASSWD_NOTREQD(32),
   /** The user cannot change the password. */
   PASSWD_CANT_CHANGE(64),
   /** The user can send an encrypted password. */
   ENCRYPTED_TEXT_PWD_ALLOWED(128),
   /** This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account. */
   TEMP_DUPLICATE_ACCOUNT(256),
   /** This is a default account type that represents a typical user. */
   NORMAL_ACCOUNT(512),
   /** This is a permit to trust an account for a system domain that trusts other domains. */
   INTERDOMAIN_TRUST_ACCOUNT(2048),
   /** This is a computer account for a computer that is running Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional, or Windows 2000 Server and is a member of this domain. */
   WORKSTATION_TRUST_ACCOUNT(4096),
   /** This is a computer account for a domain controller that is a member of this domain. */
   SERVER_TRUST_ACCOUNT(8192),
   /** Represents the password, which should never expire on the account. */
   DONT_EXPIRE_PASSWORD(65536),
   /** This is an MNS logon account. */
   MNS_LOGON_ACCOUNT(131072),
   /** When this flag is set, it forces the user to log on by using a smart card. */
   SMARTCARD_REQUIRED(262144),
   /** When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account. */
   TRUSTED_FOR_DELEGATION(524288),
   /** When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation. */
   NOT_DELEGATED(1048576),
   /** (Windows 2000/Windows Server 2003) Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. */
   USE_DES_KEY_ONLY(2097152),
   /** (Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logging on. */
   DONT_REQ_PREAUTH(4194304),
   /** (Windows 2000/Windows Server 2003) The user's password has expired. */
   PASSWORD_EXPIRED(8388608),
   /** (Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.  */
   TRUSTED_TO_AUTH_FOR_DELEGATION(16777216),
   /** (Windows Server 2008/Windows Server 2008 R2) The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server. */
   PARTIAL_SECRETS_ACCOUNT(67108864);

   private int mBit;

   //--------------------------------------------------------------------------
   UserAccountControlFlag(int inBit)
   {
      mBit = inBit;
   }

   //--------------------------------------------------------------------------
   public int intValue()
   {
      return mBit;
   }


   //--------------------------------------------------------------------------
   public static EnumSet fromBitFlags(int inValue)
   {
      List flags = new ArrayList<>(5);

      for (UserAccountControlFlag flag : UserAccountControlFlag.values())
      {
         if ((inValue & flag.intValue()) == flag.intValue())
         {
            flags.add(flag);
         }
      }

      return EnumSet.copyOf(flags);
   }
}