|
Depends on how the user is created. If using ADSI, you
cannot specify a password while creating the user so if you have a password
length policy then you have to create the account disabled or set to allow a
blank password or both.
With the raw LDAP API (and I would expect S.DS.Protocols),
you can create an enabled user because you can specify the password in the ADD
op. You can do that with admod if you like.
Note that an account set with 544 doesn't necessarily have
a blank password, but it could be.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 16, 2006 5:19 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] userAccountControl 544 I think I’ve
figured it out. J Thanks
all. :m:dsm:cci:mvp |
marcusoh.blogspot.com From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Oh, Marcus (CCI-Atlanta) Trying to understand this
value. Seeing it set on some of my user objects. So … 512 would be a
normal user but 32 means that no password is required. When a new user
object is created, my understanding (by reading quite a few threads) is that 544
is the default uac. Does this sound
right? Is there a
point when something doesn’t need to listen to domain policy? It should
fail to meet standards by the password length… now, I’m not sure how I
can verify the actual
password is set to nothing. One on particular account, I’ve tried logging
in with a blank password but get a bad password failure. Thanks
all! |
Title: userAccountControl 544
- [ActiveDir] userAccountControl 544 Marcus.Oh
- RE: [ActiveDir] userAccountControl 544 Marcus.Oh
- RE: [ActiveDir] userAccountControl 544 joe
- RE: [ActiveDir] userAccountControl 544 Marcus.Oh
- Re: [ActiveDir] userAccountControl 544 Michael B Allen
