First of appologies if this should be on server-fault, but it's to do with PHP as well, so I thought this the best site for it.
I'm creating a few methods to integrate our intranet with Active Directory. One of the methods will automatically search our database for new users, and create user accounts in AD if new users are found.
Likewise, if a user is marked as left in the database, it will automatically disable the account in active directory.
I've been looking at the attributes passed from active directory, and in particular the User Account Control field.
On the microsoft website it states this under its list of attributes:
The following table lists possible flags that you can assign. You cannot set some
of the values on a user or computer object because these values can be set or
reset only by the directory service. The flags are cumulative. To disable a
user's account, set the UserAccountControl attribute to 0x0202 (0x002 + 0x0200). In
decimal, this is 514 (2 + 512).
Question My question is, if we use the example above, to mark a record as a user (512) and disabled (2), this ultimately makes the field value returned by AD as 514.
In PHP, how can I extract what flags have been marked on the record? For example, If given 514
, how can I use PHP to work out that its a normal user account, and also disabled (2 and 512)?
For example split the following:
Flag | Splits into | Flag Meaning
--------+------------------+---------------------------------------------------------
514 | 512 + 2 | Normal User Account + Disabled
522 | 512 + 2 + 8 | Normal User Account + Disabled + Home Directory Required
8389120 | 8388608 + 512 | Password Expired + Normal User Account
I hope you can understand my question, but feel free to ask for confirmation or more details.
Many thanks