Removing the no preauthentication required setting

Our final act on the account tab is to discover how we remove this setting.

$ou = "OU=England,DC=Manticore,DC=org"            
$name = "UserA"            
Get-ADUser -Identity $name |            
Set-ADAccountControl -DoesNotRequirePreAuth:$false            
"`nAD provider"            
$name = "UserB"            
$dn = "cn=$name,$ou"            
$flag = (Get-ItemProperty -Path AD:\$dn  -Name useraccountcontrol).useraccountcontrol -bxor 4194304            
Set-ItemProperty -Path AD:\$dn  -Name useraccountcontrol -Value "$flag" -Confirm:$false            
$name = "UserC"            
$user = Get-QADUser -Identity $name -IncludeAllProperties            
$flag = $user.userAccountControl -bxor 4194304            
$user.userAccountControl = $flag            
Set-QADUser -Identity $name -ObjectAttributes @{userAccountControl = $flag}            
$name = "UserD"            
$dn = "cn=$name,$ou"            
$user = [adsi]"LDAP://$dn"            
$flag = $user.userAccountControl.value -bxor 4194304            
$user.userAccountControl = $flag            

Its just the reverse of adding the setting

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>