Announcement

Collapse
No announcement yet.

The "User Cannot Change Password" attribute of the AD User object.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The "User Cannot Change Password" attribute of the AD User object.

    I'm trying to get a report/extract showing what user accounts are set to "Password Never Expires" and "User cannot change password". The Password never expires shows up in the "useraccountcontrol" attribute but I can't find the "User cannot change password" attribute anywhere.

    If this attribute is stored somewhere else is there a way to get a report showing it by user ?

  • #2
    Re: The "User Cannot Change Password" attribute of the AD User object.

    I'm not seeing it in the AD fields, so as a test use the Exporter under Tools->Run Exporter to see if that will display a field for this.

    Comment


    • #3
      Re: The "User Cannot Change Password" attribute of the AD User object.

      AD does not maintain some of the user flags properly, so unfortunately you can't use AD functions to see or modify these fields.

      See http://groups.google.com/group/microsoft...=2&hl=en#b3fac3 8b9bf628fc

      for a discussion on this.

      Only older NT functions can be used to get this particular value, and only the older Exporter tool will use those functions on an NT domain.

      The other GUI way to see this value in Hyena for multiple users is to add the AD domain into Hyena as a Windows domain using File->Manage Object View. Right click on the Users object under the 'NT' domain, and select View All User Details. I don't recommend modifying the user accounts through the NT domain, however, just use it for viewing.
      Kevin Stanush
      SystemTools Software Inc.

      Comment

      Working...
      X