Active Directory password attribute: ms-DS-User-Password-Not-Required
This attribute shows whether a password is required for the user account.
| CN | ms-DS-User-Password-Not-Required |
| Ldap-Display-Name | ms-DS-UserPasswordNotRequired |
| Attribute-Id | 1.2.840.113556.1.4.1854 |
| System-Id-Guid | 8f066172-a25e-4f53-8dcd-0a67d5fb883d |
For more details about this attribute, refer to this Microsoft document.
In Active Directory, you can override the domain password policy and set a blank password for a user account by setting the UserAccountControl attribute flag to PasswordNotRequired. If you haven’t realized yet, this is a big security hole that hackers can easily exploit. If you have any user accounts in your AD with blank passwords, you need to immediately find them and set PasswordNotRequired to false.
Active Directory Weak Password Users Report free tool helps you find weak passwords in Active Directory. You can then force the users with weak passwords to change their passwords the next time they log on, or use a password management solution such as ADSelfService Plus to granularly enforce a much stronger password policy.
Simplify password management with ADSelfService Plus.
Self-service password management and single sign-on solution
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.
Free Download- Related Products