vrmanrtell

"Do not require Kerberos Preauthentication" powershell script

Hi everyone!

We have a legacy app that was recently upgraded.  Unfortunately the upgrade didn't have the ability for Kerberos pre-authentication.  I now have to go through 800 users that use the app to enable "Do not require Kerberos pre-authentication".  I have searched high and low and cannot find a PowerShell command to turn that on to alleviate the Kerberos errors until the vendor fixes their app.

Any idea how I can enable that option in the user accounts per OU?

Thank you for your time!!!

-GL
ASKER CERTIFIED SOLUTION
Joseph Daly

vrmanrtell

ASKER

The ramifications are the dropping of the security of Kerberos and allowing attacks that pre-authentication takes care of.  We have no choice, however, as much as I don't want to do it.  The vendor sucks.

Any way you can help me with the filter?  I'm good at taking commands and tweaking them but I have no formal training in PowerShell.
SOLUTION
That's tough to say without knowing your AD structure. But in the simplest example you should be able to perform the following.

Get-ADUser "yourusername" | Set-ADAccountControl -DoesNotRequirePreAuth $true

That should set it for your account.
For other filters take a look at this page.

http://blogs.msdn.com/b/adpowershell/archive/2009/04/14/active-directory-powershell-advanced-filter-part-ii.aspx

Basically it will depend on whether there is some kind of common identifying trait your users will have that you want to set. Do they all live in the same OU? Are they all members of a certain group? Etc.

You could always do filter *, but that would return all accounts; you may not need this set on admin/service/other accounts. That is why I mentioned it is specific to your AD structure.
WHOA hold da phone!  I've been using ADUC since it came out and didn't know about the multiple select!  GEEZ!  

Anyway I just showed that trick to my other admins and they didn't know about it either! ha!

Ok, for anyone searching how to do it, the correct command is as follows (there were some spelling errors in your original command, Joseph Daly).

get-aduser -filter * -searchbase "OU=ouname,DC=domain,DC=com" | Set-ADAccountControl  -doesnotrequirepreauth $true

THANKS FOR THE HELP GUYS!
Sorry about the misspellings; I answer from my iPhone.
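
An added example, not part of the original thread: a narrower version of the OU-wide command that skips admin accounts (the concern raised about filter * above), records which accounts were changed, and lets the flag be audited and reverted once the vendor fixes the app. The group DN and CSV path are hypothetical placeholders; the OU is the placeholder from the thread.

```powershell
# Added example; the OU, group DN and CSV path are placeholders (assumptions).
Import-Module ActiveDirectory

$SearchBase = 'OU=ouname,DC=domain,DC=com'                    # OU placeholder from the thread
$AppGroupDn = 'CN=LegacyAppUsers,OU=ouname,DC=domain,DC=com'  # hypothetical app-users group
$AuditCsv   = '.\preauth-disabled-accounts.csv'               # hypothetical output path

# LDAP bitwise-AND match for UF_DONT_REQUIRE_PREAUTH (0x400000 = 4194304)
# in userAccountControl.
$NoPreAuth = '(userAccountControl:1.2.840.113556.1.4.803:=4194304)'

# 1. Select only enabled users in the OU who are direct members of the app
#    group, skipping protected/admin accounts (adminCount=1) and accounts
#    that already have the flag. memberOf does not match nested groups.
$filter = "(&(objectCategory=person)(objectClass=user)(memberOf=$AppGroupDn)" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
          "(!(adminCount=1))(!$NoPreAuth))"
$targets = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase

# 2. Record what is about to change so it can be reverted later.
$targets | Select-Object SamAccountName, DistinguishedName |
    Export-Csv -Path $AuditCsv -NoTypeInformation

# 3. Dry run first; remove -WhatIf to apply.
$targets | Set-ADAccountControl -DoesNotRequirePreAuth $true -WhatIf

# 4. Audit: every account in the domain with pre-authentication disabled,
#    including any that were set outside this script.
Get-ADUser -LDAPFilter $NoPreAuth -Properties adminCount |
    Select-Object SamAccountName, Enabled, adminCount, DistinguishedName

# 5. Rollback once the app is fixed: re-enable pre-authentication on the
#    recorded accounts. Remove -WhatIf to apply.
Import-Csv -Path $AuditCsv | ForEach-Object {
    Set-ADAccountControl -Identity $_.DistinguishedName -DoesNotRequirePreAuth $false -WhatIf
}
```

Running step 4 on a schedule and comparing it against the CSV shows any account that has the flag set but was not part of this change.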