stackoom
  简体   繁体   中英

Changing user properties in powershell

 原文  2013-07-12 14:05:46       powershell

Question

I have a script that creates a user and assigns the password and the user to a group but I need to get 2 check boxes ticked - 'User cannot change password' and 'Password never expires' but for the life of me I cannot find out how to do this.

My script so far is this:- 

# Create User and add to IGNITEWEBUSERS Group
$user = $domain

# If more then 15 chars trim to just 15 chars
$user = $user.substring(0, 15)
$user = $user + "_web"

# Generate Random Complex Password
# Generate a password with 2 non-alphanumeric character.
$Length = 10
$Assembly = Add-Type -AssemblyName System.Web
$RandomComplexPassword = [System.Web.Security.Membership]::GeneratePassword($Length,2)
$password = $RandomComplexPassword

$group = 'IGNITEWEBUSERS'
$objOu = [ADSI]"WinNT://$computer"
$objUser = $objOU.Create("User", $user)
$objUser.setpassword($password)
$objUser.SetInfo()
$objUser.description = $domain + " IIS User"
$objUser.SetInfo()
$OBjOU = [ADSI]"WinNT://$computer/$group,group"
$OBjOU.Add("WinNT://$computer/$user")

That works and does what it should do but anyone know how I can set those 2 check boxes? Various threads suggest something similar to Set-ADUser -CannotChangePassword:$true but am not using Active Directory and this doesn't work.

Your advice appreciated

Paul

3 answers

solution1
 8 ACCPTED  2013-07-15 14:14:30

今天早上弄明白: - 

$objUser.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD

solution2
 4  2013-07-13 23:32:48

Set the useraccountcontrol property. You can find a list of useraccountcontrol flags here: http://support.microsoft.com/kb/305144

Add the values of the flags you want (NORMAL_ACCOUNT = 512, PASSWD_CANT_CHANGE = 64, DONT_EXPIRE_PASSWORD = 65536) for a total of 66112, and set the property to that number: 

$obUser.useraccountcontrol = 66112

BTW, you only need to call the SetInfo() method once at the end, after setting all the properties you want to set.

solution3
 0  2013-07-12 16:01:11

Use WMI to get the user account: 

# Use this filter so WMI doesn't spend forever talking to domain controllers.
$user = Get-WmiObject Win32_UserAccount -Filter ("Domain='{0}' and Name='{1}'" -f $env:ComputerName,$Username)
$user.PasswordChangeable = $false
$user.PasswordExpires = $false
$user.Put()

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Changing MSBuild properties from Powershell script Error when changing AD properties in Powershell Powershell - Comparing AD User Properties in CSV file Powershell - Get user properties for a given OU Update custom user profile properties - Powershell - SharePoint Sitecore 8 PowerShell Get-User Custom Properties Powershell - Changing form item properties in a foreach loop dynamically PowerShell Active Directory Loop Through All User Properties Updating Active Directory user properties in Active Directory using Powershell Microsoft Graph in PowerShell, Get-MgUser -Select multiple user properties
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM