acctflags attribute and disabled account

Kevin Myer kevin_myer at
Thu May 27 22:25:21 GMT 1999


In searching the archives and looking through a few other people's LDAP
entries, I am assuming that the attribute acctflags=[DU      ] indicates
that the user is a domain user (I could be horribly wrong too).  Well, on
my system, the D doesn't stand for domain - it stands for disabled.  With
those account flags set, I cannot log in.  If I change it to just "U", I
can login but I don't have access to domain privileges, like adding user
accounts or machine accounts.  What should the acctflags attribute be set
to for a domain administrator?  Is this another case of byte ordering
mixup, whereby NT is only seeing the first byte?  Perhaps an even dumber
question is does NT rely on simple plaintext letters to ascertain the
status or level of accounts?

Thanks much

(who is going home satisfied that he got something done today!)

     ~        Kevin M. Myer
    . .       Network/System Administrator
    /V\       ELANCO School District
   // \
  /(   )\

More information about the samba-ntdom mailing list