Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2274
  • Last Modified:

Powershell-script: Modify of local(non-AD)-user accounts

I am looking for an [adsi]("WinNT://./$strUser, user") --> psbase.invoke("?","?") command for enabling 'Password never expires' and 'User cannot change password'.

I have succesfully build a script that changes passwords according to an CSV-file - see attached script, and now imagine adding two lines of code doing the job.

Help is greatly appreciated...
{
    $ImportUserListPath = "E:\Anders\JmaWebUserNamesPasswords.csv"

    $users = Import-Csv $ImportUserListPath
    Foreach ($user in $users)
    {

    $strUser = $User.username
    $strPWD = $User.Password
    $strUser
    $LocalUser =[adsi]("WinNT://./$strUser, user")
    $LocalUser.psbase.invoke("SetPassword", $strPWD)
    # Password never expires: $LocalUser.psbase.invoke( ??? )
    # User cannot change password: $LocalUser.psbase.invoke( ??? )
    }
}

setPasswordFromCSV

Open in new window

0
jmateknik
Asked:
jmateknik
1 Solution
 
KingRCommented:
QAD can only be used for AD accounts, not local.

I haven't tried this myself, but both these entries are userflags so you should be able to set the value of the userflag for the account. A good list of the values (which you simply add together) is at http://www.motobit.com/help/usrmgr/cl16.htm
0
 
Chris DentPowerShell DeveloperCommented:

Just like this...

Chris
# Constant values for these user flags
$UFCannotChangePwd = 64
$UFPwdNeverExpires = 65536


{
    $ImportUserListPath = "E:\Anders\JmaWebUserNamesPasswords.csv"

    $users = Import-Csv $ImportUserListPath
    Foreach ($user in $users)
    {

    $strUser = $User.username
    $strPWD = $User.Password
    $strUser
    $LocalUser =[adsi]("WinNT://./$strUser, user")
    $LocalUser.psbase.invoke("SetPassword", $strPWD)
    # Bitwise OR to add the existing value with the new flag
    $LocalUser.Put("UserFlags", $LocalUser.Get("UserFlags") -BOr $UFCannotChangePwd)
    $LocalUser.Put("UserFlags", $LocalUser.Get("UserFlags") -BOr $UFPwdNeverExpires)
    # Commit the change
    $LocalUser.SetInfo()
    }
}

setPasswordFromCSV

Open in new window

0
 
jmateknikAuthor Commented:
I Humbly thanks for the joy that this script has spread - exellent! :)
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now