Setting a User's Account Options

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to set a user’s account options. These options are controlled by the userAccountControl attribute in Active Directory Domain Services (AD DS).


The following example demonstrates how to set a variety of user account control attributes for the user Ann Beebe:

Set-ADAccountControl -Identity 'CN=Ann Beebe,OU=HumanResources,OU=UserAccounts,DC=FABRIKAM,DC=COM' -HomedirRequired $true -PasswordNeverExpires $true -ChangePasswordAtNextLogon $true -PasswordNotRequired $false

Additional information

You can use the following parameters when you set many of the common values that are associated with user account control in AD DS:


  • -AllowReversiblePasswordEncryption

  • -TrustedForDelegation

  • -PasswordNeverExpires

  • -AccountNotDelegated

  • -DoesNotRequirePreAuth

  • -TrustedToAuthForDelegation

  • -UseDESKeyOnly

  • -PasswordNotRequired

  • -CannotChangePassword

  • -Enabled

  • -HomedirRequired

  • -MNSLogonAccount

For a full explanation of the parameters that you can pass to Set-ADAccountControl, at the Active Directory module command prompt, type Get-Help Set-ADAccountControl –detailed, and then press ENTER.