I have a script that creates a user and assigns the password and the user to a group but I need to get 2 check boxes ticked - ‘User cannot change password’ and ‘Password never expires’ but for the life of me I cannot find out how to do this.
My script so far is this:-

Create User and add to IGNITEWEBUSERS Group

$user = $domain

If more then 15 chars trim to just 15 chars

$user = $user.substring(0, 15)
$user = $user + “_web”

Generate Random Complex Password

Generate a password with 2 non-alphanumeric character.

$Length = 10
$Assembly = Add-Type -AssemblyName System.Web
$RandomComplexPassword = [System.Web.Security.Membership]::GeneratePassword($Length,2)
$password = $RandomComplexPassword

$group = ‘IGNITEWEBUSERS’
$objOu = [ADSI]“WinNT://$computer”
$objUser = $objOU.Create(“User”, $user)
$objUser.setpassword($password)
$objUser.SetInfo()
$objUser.description = $domain + " IIS User"
$objUser.SetInfo()
$OBjOU = [ADSI]“WinNT://$computer/$group,group”
$OBjOU.Add(“WinNT://$computer/$user”)

The script works and does what it should do but anyone know how I can set those 2 check boxes?
Various other forums suggest either of these 2 ways.

$user.PasswordChangeable = $false
$user.PasswordExpires = $false

or

$objUser.useraccountcontrol = 66112

The first suggestion doesn’t work with an error of :-

Property ‘PasswordChangeable’ cannot be found on this object

and the second one gives me an error of:-

Cannot set the Value property for PSMemberInfo object of type “System.Management.Automation.PSMethod”

Anyone got any ideas?

Paul

This blog post should have you covered:

If not, after reviewing that post come back with more questions.

Thanks,

Kirk out.

Many thanks for your response - I figure it out earlier this morning with the following:-

$objUser.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD