Preventing a User Password Change

Updated: February 28, 2009

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to prevent a user from changing his or her password.

The following example demonstrates how to prevent the user JaneDow from changing her password.

Set-ADAccountControl -Identity JaneDow -CannotChangePassword $true

You can use the following parameters when you set many of the common values that are associated with user account control in Active Directory Domain Services (AD DS).

  • -AllowReversiblePasswordEncryption

  • -TrustedForDelegation

  • -PasswordNeverExpires

  • -AccountNotDelegated

  • -DoesNotRequirePreAuth

  • -TrustedToAuthForDelegation

  • -UseDESKeyOnly

  • -PasswordNotRequired

  • -CannotChangePassword

  • -Enabled

  • -HomedirRequired

  • -MNSLogonAccount

For a full explanation of the parameters that you can pass to Set-ADAccountControl, at the Active Directory module command prompt, type Get-Help Set-ADAccountControl –detailed, and then press ENTER.

Community Additions