Removing PasswordNotRequired settings or poilcy from specific AD user

Abdulrahman 61 Reputation points

How can I remove the passwornotrequired settings or policy from some specific users in my AD?

Any way through powershell or GUI?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,826 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,960 questions
No comments
{count} votes

Accepted answer
  1. Gary Reynolds 8,821 Reputation points


    I believe the Password Not Required option was once available in ADUC, however, it is no longer shown as a tick box option under the account tab. If you want to remove this you have to use the Attributes tab of the user properties to edit the attribute directly. The option is set in the UserAccountControl attribute, if set the option will be listed.


    To remove the option edit the UserAccountControl attribute and subtract 32 from the current value.


    Change the value to 512 (hex = 0x200).


    If you want to use Powershell to remove the Password Not Required option from a specific users use the follow script

    get-aduser -identity <samaccountname> -properties useraccountcontrol | set-aduser -passwordnotrequired $false  

    Change the samaccountname of the user you want to update.

    If you want to update all the users in the specific OU use the following script:

    get-aduser -ldapfilter "(&(objectclass=user)(useraccountcontrol:1.2.840.113556.1.4.804:=32))" -properties useraccountcontrol -searchbase "OU=Domain Users,DC=w2k12,DC=local" | set-aduser -PasswordNotRequired $false  

    Just update the searchbase parameters to point to the correct OU to search.


    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful