Skip to main content

Configure UserAccountControl Flags to Manipulate User Account Properties as (UF_PASSWD_NOTREQD)


Use the information in this document – which is based on – to manipulate user account properties via LDP in order to eliminate the UF_PASSWD_NOTREQD flag for the affected user.

Modify the AD Attribute

To modify the AD attribute:

1. From LDP, connect/bind to the domain with an account that has write privs for all attribute (e.g. Domain admin)

2. Under the "View" pull-down menu, select tree and select the Base DN for the domain

3. Expand and find the user account with which you are working

4. Select in the left pane the user's CN, right-click and select M odify

5. In the Edit Entry section, add the following (Attribute: userAccountControl) and (Values: 512)

6. In the Operation section, select the radio button next to "Replace"

7. Select the "Enter" button to the right of the Operation section

8. Select the "Run" button at the bottom of the dialogue

If successful the result should show:
***Call Modify... ldap_modify_s(ld, 'CN=kellyg,CN=Users,DC=HQ,DC=Multifa,DC=com,DC=local',[1] attrs); Modified "CN=kellyg,CN=Users,DC=HQ,DC=Multifa,DC=com,DC=local". -----------

Verify settings

To verify settings:

1. Select in the left pane the user's CN and double-click

2. View the attributes again

The result, regardless of what previously appeared (UF_PASSWD-NOTREQD or UF_DONT_EXPIRE_PASSWD, etc.) will be replaced by UF_NORMAL_ACCOUNT, which in most cases will appear (as shown in the original screenshot), and is what should appear.