User Management Resource Administrator



Online Manual: "User Management Resource Administrator"

Script action - Get user info

Security administrators and managers frequently request a user account status report—that is, a report of which accounts in a domain are active, which are locked out, and which are disabled. Active Directory (AD) user accounts have a bitmask attribute called userAccountControl that you can check to determine the user account status. Some flags of this attribute can easily be retrieved using an LDAP call in a generic table, but some other flags like "Account disabled" and "User must change password at next logon" cannot be retrieved this way. For these user flags you can use the Get user info script action.

Please note that in test mode, this function will not return any values.

Properties

| Property Name | Description | Typical setting | Remarks |
|---|---|---|---|
| Domain | | %Domain% | The domain name is often used in many different actions, and is determined and stored in a variable before the action (e.g. %Domain%). The name of the domain can be in either DNS or NetBIOS style (e.g. Tools4ever.com or TOOLS4EVER). For more information on how to specify the domain/OU/container in which the user account is created, see the Remarks section below. |
| Description | A description associated with the user account. | | |
| Account disabled | Output-only property. When this property is set to Yes, the account exists but cannot be used to log on to the network. | | Based on property flag ACCOUNTDISABLE (hex value 0x0002). |
| No password required | Output-only property. When this property is set to Yes, no password is required for the user account. | | Based on property flag PASSWD_NOTREQD (hex value 0x0020). |
| User cannot change password | Output-only property. When this property is set to Yes, the user cannot change the password. Only the administrator can change the password. | | Based on property flag PASSWD_CANT_CHANGE (hex value 0x0040). |
| Locked out | Output-only property. When this property is set to Yes, the user account is currently locked out. | | Based on property flag LOCKOUT (hex value 0x0010). |
| Password never expires | Output-only property. When this property is set to Yes, the password for the account will never expire. | | Based on property flag DONT_EXPIRE_PASSWD. |
| Relative identifier | Output-only property. The relative identifier (RID) uniquely defines the user account within the domain. | | In Windows 2000, the relative identifier (RID) is the part of a security ID (SID) that uniquely identifies an account or group within a domain. Each newly created object in Active Directory is automatically assigned an RID. Each domain controller has a pool of RIDs. If necessary, Windows adds to these pools in batches of 500. You can check the range of RIDs in a current pool using the system command dcdiag /v /test:ridmanager |
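
The account status report described at the top of this page, sketched in Python as an added example (it is not part of the manual and is not UMRA script code): it decodes userAccountControl with the flag values listed in the property remarks, classifies each account, and lists password-policy exceptions on accounts that can still log on. The DONT_EXPIRE_PASSWD value, the function names and the sample accounts are assumptions or constructed here.

```python
from enum import IntFlag

class UAC(IntFlag):
    # Hex values as listed in the property remarks on this page.
    ACCOUNTDISABLE = 0x0002
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    PASSWD_CANT_CHANGE = 0x0040
    # Not given on this page; value taken from Microsoft's userAccountControl documentation.
    DONT_EXPIRE_PASSWD = 0x10000

KNOWN_BITS = sum(f.value for f in UAC)

def decode(raw):
    """Return (known flag names, leftover bits); accepts int or LDAP's decimal string."""
    value = int(raw)
    if value < 0:
        raise ValueError("userAccountControl must be non-negative")
    names = [f.name for f in UAC if value & f]
    return names, value & ~KNOWN_BITS

def status(raw):
    """Classify an account as disabled, locked out or active (disabled takes precedence)."""
    names, _ = decode(raw)
    if "ACCOUNTDISABLE" in names:
        return "disabled"
    if "LOCKOUT" in names:
        return "locked out"
    return "active"

def review_findings(raw):
    """Password-policy exceptions worth reviewing on an account that is not disabled."""
    names, _ = decode(raw)
    if "ACCOUNTDISABLE" in names:
        return []
    return [n for n in names if n in ("PASSWD_NOTREQD", "DONT_EXPIRE_PASSWD")]

# Constructed sample data: (account name, userAccountControl as a decimal string).
SAMPLE = [("alice", "512"), ("bob", "514"), ("carol", "528"),
          ("svc_backup", "66048"), ("dave", "544"), ("old_svc", "66082")]

def report(rows):
    """Build (name, status, findings) rows for the status report."""
    return [(name, status(uac), review_findings(uac)) for name, uac in rows]

if __name__ == "__main__":
    for name, state, findings in report(SAMPLE):
        print(f"{name:12} {state:11} {', '.join(findings) or '-'}")
```

The decoder only interprets the value it is handed; as noted above, some flags cannot be retrieved with a plain LDAP call, which is what the Get user info script action is for.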

 

 

Related topics

Script Action: Get user (AD)

 



