Password-Not-Required attribute is true. Does this mean that the user can log on withour password?

Kervin Paul R. Vinluan 31 Reputation points


I've noted that there are user accounts in Active Directory with Password-Not-Required ( value equals to "true". Does this mean that the user can log on without a password? Does this override Group Policy for account logons?

Thank you,


Microsoft Entra
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 29,771 Reputation points Microsoft Employee

    Hi @KervinPaulRVinluan-0523 ,

    Yes, this can override group policy and make it so that your accounts do not have passwords required. This can cause a security gap, but you can easily fix it by querying for the accounts that have "Password-Not-Required" = true and switching the setting to false.

    First, you can get the list of all user accounts that do not require a password:

     Get-ADUser -Filter {PasswordNotRequired -eq $true}

    Then you can correct the accounts using:

     Get-ADUser -Identity User2 | Set-ADUser -PasswordNotRequired $false

    5 people found this answer helpful.