Function to convert UserAccountControl number to details text

Shane Clarke, 2019-04-15 (first published: 2019-04-12)

This function can be used to display the details, in readable format, for UserAccountControl key.  It is useful when you need to display the status for user data imported from Active Directory based on the UserAccountControl number.

General outline on implementation:

  1. Create a table (AD_UserAccountControl)  to hold data of AD keys an details for UserAccountControl key
  2. Populate data as documented on http://support.microsoft.com/kb/305144
  3. Create function based on these AD Keys and rules

How to use function:

SELECT [dbo].[fn_AD_UserAccountControlDetails] (514) as TestControlDetails

Returns:  NORMAL_ACCOUNT, ACCOUNTDISABLE

— The function can be be used combined with any table that contains UserAccountControl data

SELECT [Flag] ,[Details],[dbo].[fn_AD_UserAccountControlDetails] (flag) as UserStatus

FROM [dbo].[AD_UserAccountControl]

    --Create table to hold AD UserAccountControl data
CREATE TABLE [dbo].[AD_UserAccountControl](
	[Flag] [decimal](20,0) ,
	[Details] [varchar](100) 
)

--Insert Values from http://support.microsoft.com/kb/305144
insert into AD_UserAccountControl  values(1,'SCRIPT')
insert into AD_UserAccountControl  values(2,'ACCOUNTDISABLE')
insert into AD_UserAccountControl  values(8,'HOMEDIR_REQUIRED')
insert into AD_UserAccountControl  values(16,'LOCKOUT')
insert into AD_UserAccountControl  values(32,'PASSWD_NOTREQD')
insert into AD_UserAccountControl  values(64,'PASSWD_CANT_CHANGE')
insert into AD_UserAccountControl  values(128,'ENCRYPTED_TEXT_PWD_ALLOWED')
insert into AD_UserAccountControl  values(256,'TEMP_DUPLICATE_ACCOUNT')
insert into AD_UserAccountControl  values(512,'NORMAL_ACCOUNT')
insert into AD_UserAccountControl  values(2048,'INTERDOMAIN_TRUST_ACCOUNT')
insert into AD_UserAccountControl  values(4096,'WORKSTATION_TRUST_ACCOUNT')
insert into AD_UserAccountControl  values(8192,'SERVER_TRUST_ACCOUNT')
insert into AD_UserAccountControl  values(65536,'DONT_EXPIRE_PASSWORD')
insert into AD_UserAccountControl  values(131072,'MNS_LOGON_ACCOUNT')
insert into AD_UserAccountControl  values(262144,'SMARTCARD_REQUIRED')
insert into AD_UserAccountControl  values(524288,'TRUSTED_FOR_DELEGATION')
insert into AD_UserAccountControl  values(1048576,'NOT_DELEGATED')
insert into AD_UserAccountControl  values(2097152,'USE_DES_KEY_ONLY')
insert into AD_UserAccountControl  values(4194304,'DONT_REQ_PREAUTH')
insert into AD_UserAccountControl  values(8388608,'PASSWORD_EXPIRED')
insert into AD_UserAccountControl  values(16777216,'TRUSTED_TO_AUTH_FOR_DELEGATION')
insert into AD_UserAccountControl  values(67108864,'PARTIAL_SECRETS_ACCOUNT')
go


-- Create function to call details for UserControlFlag
create FUNCTION [dbo].[fn_AD_UserAccountControlDetails] (@flag decimal(20,0)) 
        RETURNS VARCHAR(max) AS

        BEGIN
            IF @flag IS NULL
            BEGIN
                RETURN 'UNKNOWN'
            END
            
            DECLARE @Details varchar(max), @curr varchar(100)
			select @Details = ''
			while (select @flag) > 0
				begin
					select @Details = @Details + ' ' + (select top 1 details from [dbo].[AD_UserAccountControl] where flag <= @flag order by flag desc)
					select @flag = @flag - (select top 1 flag from [dbo].[AD_UserAccountControl] where flag <= @flag order by flag desc)
				end
            select @Details = replace(ltrim(rtrim(@Details)),' ',', ')
			RETURN @Details
        END

go
-- How to use the function

SELECT [dbo].[fn_AD_UserAccountControlDetails] (514) as TestControlDetails

go
--  The function can be used combined with any table that contains UserAccountControl data
SELECT [Flag] ,[Details],[dbo].[fn_AD_UserAccountControlDetails] (flag) as UserStatus
FROM [dbo].[AD_UserAccountControl]
go

Rate

Share

Share

Rate

Related content

Free eBook: SQL Server Internals: In-Memory OLTP

In this free eBook, Kalen Delaney explains how Microsoft’s 2016 In-memory OLTP engine works. In her book, learn how to use lock- and latch-free data structures to allow non-blocking data processing, and find out how to migrate existing tables to Hekaton.

Press Release

2019-04-10 (first published: 2015-05-13)

55,467 reads