PowerShell.com
Library » Script Library » Active Directory » Disable-UserCannotChangePassword

Disable-UserCannotChangePassword

Previous | Next | View all files | View Slideshow
posted by ps1
08-20-2009
Downloads: 376
File size: 1.3kB
Views: 1,235
Embed
Disable-UserCannotChangePassword
  1. ## ===================================================================== 
  2. ## Title       : Disable-UserCannotChangePassword 
  3. ## Description : Clears the 'User Cannot Change Password' checkbox on the user account in ADUC. 
  4. ##                   The user will be able to change his password. 
  5. ## Author      : Idera 
  6. ## Date        : 8/11/2009 
  7. ## Input       : No input 
  8. ##                                      
  9. ## Output      : System.DirectoryServices.DirectoryEntry 
  10. ## Usage       : Get-IADUser Jim* | Disable-UserCannotChangePassword 
  11. ##             
  12. ## Notes       : 
  13. ## Tag         : user, password, activedirectory 
  14. ## Change log  : 
  15. ## ===================================================================== 
  16.  
  17. filter Disable-UserCannotChangePassword
  18.  
  19.  
  20.  
  21.  
  22. if($_ -is [ADSI] -and $_.psbase.SchemaClassName -eq 'user'
  24.   $acl = $_.psbase.ObjectSecurity 
  25.   $deny = $acl.GetAccessRules($true,$false,[System.Security.Principal.NTAccount]) | ` 
  26.    Where-Object { ($_.IdentityReference -eq 'Everyone' -or $_.IdentityReference -eq 'NT AUTHORITY\SELF') ` 
  27.    -and $_.AccessControlType -eq 'Deny' -and $_.ActiveDirectoryRights -eq 'ExtendedRight'}  
  28.   if($deny
  29.   
  30.    $deny | Foreach-Object { $null = $acl.psbase.RemoveAccessRule($_) } 
  31.    $_.psbase.CommitChanges() 
  32.    $_ 
  33.   
  35. else 
  37.   Write-Warning "Invalid object type, only User objects are allowed" 
  38. }  

Clears the 'User Cannot Change Password' checkbox on the user account in ADUC.

Copyright 2012 PowerShell.com. All rights reserved.