Configuring User Account Password Attributes

Microsoft® Windows® 2000 Scripting Guide

The topic "Reading User Account Password Attributes" demonstrated how to read the password attributes associated with a user account object. Reading these values is an excellent way to begin troubleshooting problems that might be related to a user account object's password attributes. If the issue is password related, configuring password attributes is the next important step.

You can configure password attributes to increase network security in a number of ways; for example, by requiring users to change their passwords regularly or by enforcing the use of passwords. Configuring password attributes can also help maintain the proper operation of service accounts by keeping service account passwords from expiring.

How you configure password attributes of a user account from ADSI varies depending on the attribute:

  • Use the XOR bitwise operator to configure the flags in the userAccountControl attribute that correspond to the following settings:

    • Password required

    • Password never expires

    • Store password using reversible encryption

  • Set pwdLastSet to 0 or 1 to enable or disable the User must change password at next logon option.
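
Because Xor toggles a bit rather than setting it, a script that is run twice, or run against an account already in the desired state, flips the userAccountControl flag the wrong way. The following VBScript is an added example, not code from the Scripting Guide: it tests the bit with And before applying Xor. The helper names (EnableFlag, DisableFlag, Describe) and the sample value are constructed for illustration, and the flag values are those of the ADSI ADS_USER_FLAG_ENUM enumeration.

```vbscript
Option Explicit

' userAccountControl flag values (ADSI ADS_USER_FLAG_ENUM).
Const ADS_UF_PASSWD_NOTREQD = &H20                    ' set = password NOT required
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80   ' set = reversible encryption
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000             ' set = password never expires

' Hypothetical helper: turn a flag on. Xor runs only when the bit is clear.
Function EnableFlag(lngUAC, lngFlag)
    EnableFlag = lngUAC
    If (lngUAC And lngFlag) = 0 Then EnableFlag = lngUAC Xor lngFlag
End Function

' Hypothetical helper: turn a flag off. Xor runs only when the bit is set.
Function DisableFlag(lngUAC, lngFlag)
    DisableFlag = lngUAC
    If (lngUAC And lngFlag) <> 0 Then DisableFlag = lngUAC Xor lngFlag
End Function

' Hypothetical helper: decode the three password-related settings.
Function Describe(lngUAC)
    Describe = "0x" & Hex(lngUAC) & _
        " required=" & CStr((lngUAC And ADS_UF_PASSWD_NOTREQD) = 0) & _
        " neverExpires=" & CStr((lngUAC And ADS_UF_DONT_EXPIRE_PASSWD) <> 0) & _
        " reversible=" & CStr((lngUAC And ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) <> 0)
End Function

Dim lngUAC, lngBlind, i

' Constructed sample: normal account (&H200), password not required,
' password never expires. On a real object the value comes from
' objUser.Get("userAccountControl") and is written back with Put and SetInfo.
lngUAC = &H10220
WScript.Echo "start:        " & Describe(lngUAC)

' Unguarded Xor, run twice: the second run turns "password not required"
' back on, silently undoing the hardening.
lngBlind = lngUAC
For i = 1 To 2
    lngBlind = lngBlind Xor ADS_UF_PASSWD_NOTREQD
    WScript.Echo "blind Xor #" & i & ": " & Describe(lngBlind)
Next

' Guarded changes give the same result no matter how often they run.
For i = 1 To 2
    lngUAC = DisableFlag(lngUAC, ADS_UF_PASSWD_NOTREQD)                   ' require a password
    lngUAC = DisableFlag(lngUAC, ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)  ' no reversible encryption
    lngUAC = EnableFlag(lngUAC, ADS_UF_DONT_EXPIRE_PASSWD)                ' service account: keep set
    WScript.Echo "guarded #" & i & ":   " & Describe(lngUAC)
Next
```

Run it with cscript; it works on the constructed integer only and does not contact a directory.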