Active Directory

Understand PASSWD_NOTREQD Flag

This flag allows to have a fully functioning account with a blank password (even with a valid domain password policy in place). If this flag is set for any accounts in domain, can login with blank password.

PASSWD_NOTREQD

Generally below flags are being set or configured on user’s accounts.

  • ACCOUNTDISABLE (2)
  • NORMAL_ACCOUNT (512)
  • DONT_EXPIRE_PASSWORD (65536)
  • PASSWD_CANT_CHANGE (64)

Please go through below flag chart to get to know about all flag which are available in UserAccountControl.

Property flag Value in hexadecimal Value in decimal
SCRIPT 0x0001 1
ACCOUNTDISABLE 0x0002 2
HOMEDIR_REQUIRED 0x0008 8
LOCKOUT 0x0010 16
PASSWD_NOTREQD 0x0020 32
PASSWD_CANT_CHANGE  0x0040 64
ENCRYPTED_TEXT_PWD_ALLOWED 0x0080 128
TEMP_DUPLICATE_ACCOUNT 0x0100 256
NORMAL_ACCOUNT 0x0200 512
INTERDOMAIN_TRUST_ACCOUNT 0x0800 2048
WORKSTATION_TRUST_ACCOUNT 0x1000 4096
SERVER_TRUST_ACCOUNT 0x2000 8192
DONT_EXPIRE_PASSWORD 0x10000 65536
MNS_LOGON_ACCOUNT 0x20000 131072
SMARTCARD_REQUIRED 0x40000 262144
TRUSTED_FOR_DELEGATION 0x80000 524288
NOT_DELEGATED 0x100000 1048576
USE_DES_KEY_ONLY 0x200000 2097152
DONT_REQ_PREAUTH 0x400000 4194304
PASSWORD_EXPIRED 0x800000 8388608
TRUSTED_TO_AUTH_FOR_DELEGATION 0x1000000 16777216

To check all accounts, which have the Flag “PasswordNotRequired” use the following PowerShell command.

PS C:\> Get-ADUser -Filter {PasswordNotRequired -eq $true} | ft name, UserPrincipalName

name UserPrincipalName
—- —————–
Guest
Amar (Rmp) Tiwary
vipan Kumar vipan.kumar-azure@Windowstechno.local
Neha Neha.Thakur@windowstechno.com
SHELL$

PS C:\>

PASSWD_NOTREQD-Export

Use below PowerShell Command to remove this flag- “PasswordNotRequired”

Set-ADUser -Identity Neha.Thakur -PasswordNotRequired $false

PS C:\> Set-ADUser -Identity Neha.Thakur -PasswordNotRequired $false
PASSWD_NOTREQD-removed

Please check more Understanding and Remediating “PASSWD_NOTREQD”
https://docs.microsoft.com/en-us/archive/blogs/russellt/passwd_notreqd

So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Back to top button