Locating user accounts in Active Directory that do not require a password

There may be times when someone is required to bulk import user accounts into Active Directory. Depending on the method used, you can be left with accounts that do not require any password. You can run the following command, which tests bit 32 (PASSWD_NOTREQD) of the userAccountControl attribute, to locate such accounts:

Get-ADUser -Filter 'useraccountcontrol -band 32' -Properties CanonicalName, PasswordNotRequired | Format-Table SamAccountName, PasswordNotRequired, CanonicalName -AutoSize

These are best located before auditors or “friendly” hackers come in and locate them for you.
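The same search as a reusable audit script, added here as an example and not part of the original post: it also shows whether each flagged account is enabled and whether a password was ever set, and can optionally clear the flag. It assumes the RSAT ActiveDirectory module is installed; the parameter names `-SearchBase` and `-Remediate` are choices made for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post). Reports accounts with the
# PASSWD_NOTREQD bit (0x20 = 32) set in userAccountControl and, when
# -Remediate is given, clears that bit so the domain password policy applies.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase,   # optional OU distinguished name to limit the search (example parameter)
    [switch]$Remediate     # clear the flag on every account found (example parameter)
)

# LDAP bitwise-AND matching rule: matches when bit 32 is set, the same
# test as the -Filter 'useraccountcontrol -band 32' one-liner.
$query = @{
    LDAPFilter = '(userAccountControl:1.2.840.113556.1.4.803:=32)'
    Properties = 'CanonicalName', 'PasswordNotRequired', 'PasswordLastSet', 'whenCreated'
}
if ($SearchBase) { $query.SearchBase = $SearchBase }

$accounts = @(Get-ADUser @query)

# Enabled accounts first: an enabled account with no password ever set
# is the highest-priority finding.
$accounts |
    Sort-Object @{ Expression = 'Enabled'; Descending = $true }, CanonicalName |
    Select-Object SamAccountName, Enabled, PasswordNotRequired,
        @{ Name = 'PasswordNeverSet'; Expression = { $null -eq $_.PasswordLastSet } },
        PasswordLastSet, whenCreated, CanonicalName |
    Format-Table -AutoSize

Write-Verbose ("{0} account(s) have PASSWD_NOTREQD set." -f $accounts.Count)

if ($Remediate) {
    foreach ($account in $accounts) {
        # ShouldProcess makes -WhatIf and -Confirm work for the change below.
        if ($PSCmdlet.ShouldProcess($account.SamAccountName, 'Clear PasswordNotRequired')) {
            Set-ADUser -Identity $account -PasswordNotRequired $false
        }
    }
}
```

Run it with `-Remediate -WhatIf` first to list the accounts that would be changed without modifying anything.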
