Overview#
The user cannot change the password.
You cannot assign the permission settings of PASSWD_CANT_CHANGE by directly modifying the UserAccountControl attribute.
Notes#
- The PASSWD_CANT_CHANGE value is apparently controlled by a ACL within Active Directory.
- Note You cannot assign this permission by directly modifying the UserAccountControl attribute. For information about how to set the permission programmatically, see the "Property flag descriptions" section.
- PASSWD_CANT_CHANGE is an Access Control Entry (ACE) for the object and search for the ACEs that have the change password GUID ({AB721A53-1E2F-11D0-9819-00AA0040529B})
More Information#
There might be more information for this subject on one of the following:- Dirxml-uACPasswordCantChange
- MMC Account Tab
- SCIM Password Management Extension
- User-Account-Control Attribute
- User-Account-Control Attribute Values
- [#1] - User Cannot Change Password (LDAP Provider)
- based on information obtained 2019-01-18-