UF_PASSWD_NOTREQD Flag Set in DC's userAccountControl

Discussion in 'Active Directory' started by Infrastructure Guy, Jun 8, 2007.

  1. DCDIAG reveals that someone set the userAccountControl on 1 of my 6 DCs to
    0x82020 instead of leaving it at 0x82000. This sets the UF_PASSWD_NOTREQD
    flag.

    I just inherited this domain and see no reason not to set the
    userAccountControl back to 0x82000. I see nothing special running on this
    DC. Does anyone know any reason not to set it back?

    Does anyone know of any 3rd party software that requires the
    UF_PASSWD_NOTREQD flag?

    Thanks.
     
    Infrastructure Guy, Jun 8, 2007
    #1
    1. Advertisements

  2. Infrastructure Guy

    Cary Shultz Guest

    IFG,

    I do not know of any software that would require this. Furthermore, I would
    be very suspicions of any that did!

    I would set up a lab environment and play with this before doing so in a
    production environment. You do have six Domain Controllers (I am going to
    assume that there are multiple Sites involved....). While there should be
    no issues with doing this I must say that I have never done this (set to
    0x82020 and then switched it to 0x82020). I would hate to find out the hard
    way...

    Cary
     
    Cary Shultz, Jun 11, 2007
    #2
    1. Advertisements

  3. In
    Hi Cary,

    What I think may be happening is the one entry on the one DC that is
    different is possibly the original DC created in the domain. The reason I
    believe this is when the first DC is created, it will need to allow the
    admin account to have a NULL password (blank). But once other DCs are added,
    the Default Domain Policy forces them to not allow a NULL password, well at
    least with Windows 2003.

    Maybe someone else can verify this.


    --
    Regards,
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Infinite Diversities in Infinite Combinations

    Having difficulty reading or finding responses to your post?
    Instead of the website you're using, try using OEx (Outlook Express
    or any other newsreader), and configure a news account, pointing to
    news.microsoft.com. Anonymous access. It's free - no username or password
    required nor do you need a Newsgroup Usenet account with your ISP. It
    connects directly to the Microsoft Public Newsgroups. OEx allows you
    o easily find, track threads, cross-post, sort by date, poster's name,
    watched threads or subject. It's easy:

    How to Configure OEx for Internet News
    http://support.microsoft.com/?id=171164

    "Quitting smoking is easy. I've done it a thousand times." - Mark Twain
     
    Ace Fekay [MVP], Jun 12, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.