Active Directory: bulk change the "User cannot change password" option

Windows Server 2019

You want to increase the security level of your Active Directory environment, but historically the "User cannot change password" option was enabled.

The script below lets you change this option in bulk, across your entire directory or within a single OU.

# Get users with CannotChangePassword set to true / edit SearchBase to match your OU
# (CannotChangePassword is a computed property, so it is tested with Where-Object rather than in -Filter)
$users = Get-ADUser -Filter * -Properties CannotChangePassword -SearchBase "OU=OUNAME,DC=domain,DC=lan" | Where-Object { $_.CannotChangePassword }

# Loop over the users and set CannotChangePassword to false
foreach ($user in $users) {
    Set-ADUser -Identity $user -CannotChangePassword $false
}
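A more cautious variant of the same change, as an added example that is not the author's script: it saves the list of affected accounts before touching anything, supports a `-WhatIf` dry run, and returns any account that still has the option set afterwards. The function name `Clear-CannotChangePassword` and the CSV path are hypothetical; the OU path is the placeholder used above.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function name and CSV path are hypothetical placeholders.

function Clear-CannotChangePassword {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [Parameter(Mandatory = $true)][string]$BackupCsv
    )

    # Collect every account in scope that currently has the option set.
    $users = @(Get-ADUser -Filter * -SearchBase $SearchBase -Properties CannotChangePassword |
        Where-Object { $_.CannotChangePassword })

    # Keep a record of the accounts about to be changed (service accounts are
    # often in this list). -WhatIf:$false writes the file even during a dry run.
    $users | Select-Object SamAccountName, DistinguishedName, Enabled |
        Export-Csv -Path $BackupCsv -NoTypeInformation -Encoding UTF8 -WhatIf:$false

    foreach ($user in $users) {
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Set CannotChangePassword to false')) {
            try {
                Set-ADUser -Identity $user -CannotChangePassword $false -ErrorAction Stop
            }
            catch {
                # One failure (e.g. insufficient rights on a protected OU) should not stop the run.
                Write-Warning "Failed on $($user.SamAccountName): $($_.Exception.Message)"
            }
        }
    }

    # Re-read the same scope and return whatever is still flagged.
    # After a real run this should be empty; after -WhatIf it is the full list.
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties CannotChangePassword |
        Where-Object { $_.CannotChangePassword } |
        Select-Object SamAccountName, DistinguishedName
}

# Dry run first, then the real change:
# Clear-CannotChangePassword -SearchBase "OU=OUNAME,DC=domain,DC=lan" -BackupCsv .\ccp-before.csv -WhatIf
# Clear-CannotChangePassword -SearchBase "OU=OUNAME,DC=domain,DC=lan" -BackupCsv .\ccp-before.csv
```

If a specific account needs the restriction back, the saved CSV gives its `DistinguishedName` to pass to `Set-ADUser -CannotChangePassword $true`.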

Romain Drouche
System Architect | MCSE: Core Infrastructure
IT infrastructure expert with over 15 years of field experience. Currently a Systems and Networks Project Manager and Information Systems Security (ISS) expert, I use my expertise to ensure the reliability and security of technological environments.
