set_change_pwd_allowed

Use the set_change_pwd_allowed command to modify the ADS_UF_PASSWD_CANT_CHANGE flag in the UserAccountControl attribute. This flag controls whether an Active Directory user can change his or her domain password. You must specify the distinguished name of a valid Active Directory user account that should be allowed to change his or her password.

Syntax

set_change_pwd_allowed userdn

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

userdn

string

Required. Specifies the distinguished name of the Active Directory user who is allowed to change his or her password.

Return value

This command returns nothing if it runs successfully.

Examples

set_change_pwd_allowed CN=frank.smith,CN=Users,DC=ajax,DC=test
get_object_field sd
(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)

This example deselects the “User cannot change password” account property for the Active Directory user frank.smith.

Related Tcl library commands

The following commands perform actions related to this command:

  • create_aduser creates a new Active Directory user account and sets the password for the account.
  • set_change_pwd_denied prevents an Active Directory user from changing the domain password for his or her account.