blog.icewolf.ch

Let's talk about IT!
posts - 2204, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Understand and Remove PASSWD_NOTREQD Flag from userAccountControl

Hallo all,

I've already blogged how to read the Active Directory Attribute "userAccountControl"

How to read the value of AD Attribute userAccountControl

Today i came across some users that had the Property "PASSWD_NOTREQD" (Password not required) set.
For a regular user you just can add 512 (NORMAL_ACCOUNT) + 32 (PASSWD_NOTREQD) = 544


With the following Exchange Commandlet you can show the Attribute "userAccountControl", which also translates the value.

Get-User -Identity f.fischer | fl userAccountControl


You can also get the same with the Active Directory Module

Get-ADUser -Identity f.fischer -Properties userAccountControl | fl


To show all accounts, which have the Flag "PasswordNotRequired" use the following command.

Get-ADUser -Filter {PasswordNotRequired -eq $true} | ft name, UserPrincipalName


To remove the Flag "PasswordNotRequired" use this PowerShell Command

Set-ADUser -Identity f.fischer -PasswordNotRequired $false
Get-ADUser -Identity f.fischer -Properties userAccountControl | fl


Now it's back to 512 (NORMAL_ACCOUNT)


Get-User -Identity f.fischer | fl userAccountControl


More Information:
Understanding and Remediating "PASSWD_NOTREQD"

Best Regards
Andres Bohren


Print | posted on Thursday, January 6, 2022 9:53 PM | Filed Under [ Windows ]

Powered by:
Powered By Subtext Powered By ASP.NET