PHP, Active Directory, User Account Control

Adding to James Sloan's answer, here is the flag list :

public function findFlags($flag) {

    $flags    = array();
    $flaglist = array(
               1 => 'SCRIPT',
               2 => 'ACCOUNTDISABLE',
               8 => 'HOMEDIR_REQUIRED',
              16 => 'LOCKOUT',
              32 => 'PASSWD_NOTREQD',
              64 => 'PASSWD_CANT_CHANGE',
             128 => 'ENCRYPTED_TEXT_PWD_ALLOWED',
             256 => 'TEMP_DUPLICATE_ACCOUNT',
             512 => 'NORMAL_ACCOUNT',
            2048 => 'INTERDOMAIN_TRUST_ACCOUNT',
            4096 => 'WORKSTATION_TRUST_ACCOUNT',
            8192 => 'SERVER_TRUST_ACCOUNT',
           65536 => 'DONT_EXPIRE_PASSWORD',
          131072 => 'MNS_LOGON_ACCOUNT',
          262144 => 'SMARTCARD_REQUIRED',
          524288 => 'TRUSTED_FOR_DELEGATION',
         1048576 => 'NOT_DELEGATED',
         2097152 => 'USE_DES_KEY_ONLY',
         4194304 => 'DONT_REQ_PREAUTH',
         8388608 => 'PASSWORD_EXPIRED',
        16777216 => 'TRUSTED_TO_AUTH_FOR_DELEGATION',
        67108864 => 'PARTIAL_SECRETS_ACCOUNT'
    );
    for ($i=0; $i<=26; $i++){
        if ($flag & (1 << $i)){
            array_push($flags, 1 << $i);
        }
    }
    foreach($flags as $k=>&$v) {
        $v = $v . ' '  . $flaglist[$v];
    }
    return $flags;
}

Came upon the same situation today and it is more concise with:

$flag_to_find = 530;
$flags = array();
for ($i=0; $i<=26; $i++){
  if ($flag_to_find & (1 << $i)){
    array_push($flags, 1 << $i);
  }  
}
print_r($flags);

I think that even though the original post asks in a general way, the problem is specific to just certain flags that need to be checked. Using the very helpful list in Bill C's response:

$userAccountControl = 514; // Get this from AD

// using bitwise AND: 
// this will be the right hand value if it's set, 0 if not

$isAccountDisabled = ($userAccountControl & 2) == 2; 
$isNormalAccount = ($userAccountControl & 512) == 512;

And if the need is to update the value (which I think is the programmatic need of the original question, such as enabling the account):

$userAccountControl = 514; // Get this from AD

// using bitwise AND NOT: 
// this will assure the right hand value is not set

$userAccountControl = $userAccountControl & ~2; // enable the account

// using bitwise OR:
// this will assure the right hand value is set

$userAccountControl = $userAccountControl | 512; // assure normal account

There is a nice abstract function example in the php bitwise operators docs that could be used to develop a generalized solution for AD flags: http://php.net/manual/en/language.operators.bitwise.php#108679.