Question
I am trying to set the WORKSTATION_TRUST_ACCOUNT (0x1000) flag using a PowerShell command.
https://support.microsoft.com/en-us/kb/305144
I searched and found the Set-ADAccountControl command.
https://technet.microsoft.com/en-us/library/ee617249.aspx
But in MSDN it is not written how to set 0x1000.
How to set the WORKSTATION_TRUST_ACCOUNT flag using a PowerShell command?
They have the following flags:
AccountNotDelegated
AllowReversiblePasswordEncryption
AuthType
CannotChangePassword
Credential
DoesNotRequirePreAuth
Enabled
HomedirRequired
MNSLogonAccount
Partition
PassThru
PasswordNeverExpires
PasswordNotRequired
Server
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
Confirm
WhatIf
EDIT:
C# code
The following is my C# code, which is throwing an access denied error.
const int iFlag = 0x1000;
string sCommonName = "CN=" + sMachineName;
DirectoryEntry deComputer = deOU.Children.Add(sCommonName, "computer");
deComputer.Properties["sAMAccountName"].Value = sMachineName + "$";
deComputer.CommitChanges();
deComputer.Properties["userAccountControl"].Value = iFlag;
deComputer.CommitChanges(); // access denied exception.
Answer 1:
Here is another way to do it:
$accountName = "userLogin"
$adsiSearcher = New-Object DirectoryServices.DirectorySearcher [ADSI]$null
$adsiSearcher.filter = "(&(objectClass=user)(sAMAccountName=$accountName))"
$adsiSearcherResult = $adsiSearcher.FindOne()
$user = $adsiSearcherResult.GetDirectoryEntry()
if(($user.UserAccountControl[0] -band 4096) -ne 0) {
    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is set for $accountName"
} else {
    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) is NOT set for $accountName"
    # Add the WORKSTATION_TRUST_ACCOUNT flag (decimal value 4096)
    $user.userAccountControl[0] += 4096
    # Save the new value in the user object
    $user.SetInfo()
    "WORKSTATION_TRUST_ACCOUNT (0x1000 4096) has been added for $accountName"
}
Source: https://knowledge.zomers.eu/PowerShell/Pages/How-to-control-UserAccountControl-Active-Directory-flags-with-PowerShell.aspx
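Added example, not part of the answer above or of the linked source: it decodes a userAccountControl value and compares plain addition of 4096 with clearing the account-type bits before setting WORKSTATION_TRUST_ACCOUNT. The helper names ConvertFrom-Uac and Set-UacAccountType are hypothetical, the sample values are constructed, and the example assumes the four account-type bits listed in KB 305144 are mutually exclusive.

```powershell
# Added example; flag values are the ones listed in KB 305144 (subset).
$UacFlags = [ordered]@{
    ACCOUNTDISABLE            = 0x0002
    PASSWD_NOTREQD            = 0x0020
    NORMAL_ACCOUNT            = 0x0200
    INTERDOMAIN_TRUST_ACCOUNT = 0x0800
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT      = 0x2000
    DONT_EXPIRE_PASSWORD      = 0x10000
}
# Account-type bits. Assumption of this example: only one may be set at a time.
$AccountTypes    = 0x0200, 0x0800, 0x1000, 0x2000
$AccountTypeMask = 0x3A00   # bitwise OR of the four values above

function ConvertFrom-Uac {       # hypothetical helper: integer -> flag names
    param([int]$Value)
    $UacFlags.Keys | Where-Object { $Value -band $UacFlags[$_] }
}

function Set-UacAccountType {    # hypothetical helper: replace the account-type bit
    param([int]$Value, [int]$Type)
    if ($Type -notin $AccountTypes) { throw "0x{0:X} is not an account-type flag" -f $Type }
    # Clear every account-type bit, keep all other flags, then set the requested type.
    ($Value -band (-bnot $AccountTypeMask)) -bor $Type
}

# Constructed sample values, not read from a directory.
$samples = [ordered]@{
    'enabled user'  = 0x0200
    'disabled user' = 0x0202
    'workstation'   = 0x1000
}
foreach ($name in $samples.Keys) {
    $old  = $samples[$name]
    $plus = $old + 0x1000                    # result of "+= 4096" without a prior check
    $new  = Set-UacAccountType $old 0x1000   # result of mask-then-set
    '{0,-14} 0x{1:X4} | +4096 -> 0x{2:X4} [{3}] | mask+set -> 0x{4:X4} [{5}]' -f `
        $name, $old, $plus, ((ConvertFrom-Uac $plus) -join ','),
        $new, ((ConvertFrom-Uac $new) -join ',')
}

# Writing the value back requires the RSAT ActiveDirectory module and rights on the object:
# Set-ADComputer -Identity <computer> -Replace @{ userAccountControl = $new }
```

Addition is only safe behind a check such as the `-band 4096` test in the answer; applied to a value that already has the bit set, it carries into the next flag.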
Source: https://stackoverflow.com/questions/34216863/how-to-set-user-account-flag-workstation-trust-account-in-active-directory-using