I responded to a USENET AD Group post back in March 2007 and unfortunately someone pinged me on it and said the command line I specified didn’t work. I looked at it and immediately saw that I had made a mistake.
The post can be found here: http://help.lockergnome.com/windows2/enforce-password-required–ftopict483580.html
The AdFind query is supposed to find all user objects that are set such that the password is not required. The query I wrote won’t find anything like that unless you happen to have a user with a sAMAccountName of 805306368 and it has the flag set. Highly unlikely I expect… 😉
This is the incorrect command string:
adfind -gcb -bit -f "&(samaccountname=805306368)(useraccountcontrol:AND:=32)" useraccountcontrol -adcsv | admod useraccountcontrol::{{.:CLR:32}} -unsafe
The is what the command string should have been
adfind -gcb -bit -f "&(samaccounttype=805306368)(useraccountcontrol:AND:=32)" useraccountcontrol -adcsv | admod useraccountcontrol::{{.:CLR:32}} -unsafe
The 2007 version of joe is in need of some serious smack down with responses like that 😛
+1
😉