I have a script that creates a user and assigns the password and the user to a group but I need to get 2 check boxes ticked - ‘User cannot change password’ and ‘Password never expires’ but for the life of me I cannot find out how to do this.
My script so far is this:-
Create User and add to IGNITEWEBUSERS Group
$user = $domain
If more then 15 chars trim to just 15 chars
$user = $user.substring(0, 15)
$user = $user + “_web”
Generate Random Complex Password
Generate a password with 2 non-alphanumeric character.
$Length = 10
$Assembly = Add-Type -AssemblyName System.Web
$RandomComplexPassword = [System.Web.Security.Membership]::GeneratePassword($Length,2)
$password = $RandomComplexPassword
$group = ‘IGNITEWEBUSERS’
$objOu = [ADSI]“WinNT://$computer”
$objUser = $objOU.Create(“User”, $user)
$objUser.setpassword($password)
$objUser.SetInfo()
$objUser.description = $domain + " IIS User"
$objUser.SetInfo()
$OBjOU = [ADSI]“WinNT://$computer/$group,group”
$OBjOU.Add(“WinNT://$computer/$user”)
The script works and does what it should do but anyone know how I can set those 2 check boxes?
Various other forums suggest either of these 2 ways.
$user.PasswordChangeable = $false
$user.PasswordExpires = $false
or
$objUser.useraccountcontrol = 66112
The first suggestion doesn’t work with an error of :-
Property ‘PasswordChangeable’ cannot be found on this object
and the second one gives me an error of:-
Cannot set the Value property for PSMemberInfo object of type “System.Management.Automation.PSMethod”
Anyone got any ideas?
Paul