Skip navigation
password prompt

Reset Active Directory Users to Require Passwords

Q: I have some users who were configured in Active Directory to not require passwords. I need to reset their profiles to require passwords; how can I easily accomplish this?

A: There are several user account controls that configure user account security properties. These properties are documented in the Microsoft Support article "How to use the UserAccountControl flags to manipulate user account properties." You can use the Set-ADAccountControl cmdlet to easily manipulate these properties. For example, to require password use:

Set-ADAccountControl -PasswordNotRequired $false

You can combine various properties to create a single value stored in the UserAccountControl attribute. For an enabled account (512) with the password not required (32), the value is 544. This feature allows you to use a single line of Windows PowerShell code to reset any normal account that was configured to not require a password to require one going forward:

Get-ADUser –Filter {UserAccountControl -like "544"} | Set-ADAccountControl -PasswordNotRequired $false
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish