Removing PasswordNotRequired settings or poilcy from specific AD user

Abdulrahman 101 Reputation points

How can I remove the passwornotrequired settings or policy from some specific users in my AD?

Any way through powershell or GUI?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,035 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,802 questions
0 comments No comments
{count} votes

Accepted answer
  1. Gary Reynolds 9,391 Reputation points


    I believe the Password Not Required option was once available in ADUC, however, it is no longer shown as a tick box option under the account tab. If you want to remove this you have to use the Attributes tab of the user properties to edit the attribute directly. The option is set in the UserAccountControl attribute, if set the option will be listed.


    To remove the option edit the UserAccountControl attribute and subtract 32 from the current value.


    Change the value to 512 (hex = 0x200).


    If you want to use Powershell to remove the Password Not Required option from a specific users use the follow script

    get-aduser -identity <samaccountname> -properties useraccountcontrol | set-aduser -passwordnotrequired $false  

    Change the samaccountname of the user you want to update.

    If you want to update all the users in the specific OU use the following script:

    get-aduser -ldapfilter "(&(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.804:=32))" -properties useraccountcontrol -searchbase "OU=Domain Users,DC=w2k12,DC=local" | set-aduser -PasswordNotRequired $false  

    Just update the searchbase parameters to point to the correct OU to search.


    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful