Avatar of Dallas Smetter
Dallas SmetterFlag for United States of America asked on

Using userAccountControl to set *both* PASSWD_CANT_CHANGE and DONT_EXPIRE_PASSWORD

I know how to use one or the other, but how can I achieve both?
Active DirectoryWindows Server 2008Powershell

Avatar of undefined
Last Comment
Steven Carnahan

8/22/2022 - Mon
Contigo1

You should be able to set both in AD users and computers by right clicking on the user going to properties > Account

Then selecting the User cannot change password and Password never expires settings.
SOLUTION
Steven Carnahan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Dallas Smetter

I need to do this for nearly a quarter million users, so I can't do it manually.

I'll try pony10us's suggestion and post back.

Thanks!
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Dallas Smetter

And we can also, in this situation, use the userAccountControl setting to ensure that student passwords never expire while applying a GPO so that it can't be changed ;-)
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Steven Carnahan

Just for reference using what I provided you have many other settings available but I only gave you the ones you requested.  Here are the most common settings:

const int UF_ACCOUNTDISABLE = 0x0002;
const int UF_PASSWD_NOTREQD = 0x0020;
const int UF_PASSWD_CANT_CHANGE = 0x0040;
const int UF_NORMAL_ACCOUNT = 0x0200;
const int UF_DONT_EXPIRE_PASSWD = 0x10000;
const int UF_SMARTCARD_REQUIRED = 0x40000;
const int UF_PASSWORD_EXPIRED = 0x800000;

all you have to do is add the ones you want to this line:

int userControlFlags = UF_PASSWD_NOTREQD + UF_DONT_EXPIRE_PASSWD;