Removing PasswordNotRequired settings or poilcy from specific AD user

Abdulrahman 61 Reputation points
2022-08-30T20:19:01.457+00:00

How can I remove the passwornotrequired settings or policy from some specific users in my AD?

Any way through powershell or GUI?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,826 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,960 questions
Accepted answer
  1. Gary Reynolds 8,821 Reputation points
    2022-09-01T07:56:25.75+00:00

    Hi,

    I believe the Password Not Required option was once available in ADUC, however, it is no longer shown as a tick box option under the account tab. If you want to remove this you have to use the Attributes tab of the user properties to edit the attribute directly. The option is set in the UserAccountControl attribute, if set the option will be listed.

    236737-image.png

    To remove the option edit the UserAccountControl attribute and subtract 32 from the current value.

    236843-image.png

    Change the value to 512 (hex = 0x200).

    236844-image.png

    If you want to use Powershell to remove the Password Not Required option from a specific users use the follow script 

    get-aduser -identity <samaccountname> -properties useraccountcontrol | set-aduser -passwordnotrequired $false

    Change the samaccountname of the user you want to update.

    If you want to update all the users in the specific OU use the following script: 

    get-aduser -ldapfilter "(&(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.804:=32))" -properties useraccountcontrol -searchbase "OU=Domain Users,DC=w2k12,DC=local" | set-aduser -PasswordNotRequired $false

    Just update the searchbase parameters to point to the correct OU to search.

    Gary.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest