Modify "user cannot change password" flag

Modify "user cannot change password" flag

There is no AD command that can manage the "user cannot change password" flag, the only way to access this flag is to use the SamAccount command Account.Edit, which is very easy if you already have SamAccountNames in one of the data columns. If you do not have the SamAccountNames you will have to use the ADValue function to translate from common name to SamAccountName.

Example 1 - SamAccountNames known (or same as CN)

[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=4
Account.Password.CannotChange=Yes
[Settings_End]

[Machines_Begin]
\\main04
[Machines_End]

[Batch_Begin]
Data.Loop
Account.Edit %col1%
Data.Endloop
[Batch_End]

[Data_Begin]
acc1
acc2
acc3
[Data_End]

Example 2 - SamAccountNames not known

[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=4
Account.Password.CannotChange=Yes
SET ADDomainPath=dc=com/dc=acme/dc=D31
SET ADOUPath=%ADDomainPath%/ou=MyOU
[Settings_End]

[Machines_Begin]
\\main04
[Machines_End]

[Batch_Begin]
Data.Loop
SET col0=ADValue (ADPath,%ADOUPath%/cn=%col1%,samAccountName)
// Variable "col0" now contains samAccountName
//  (name "col0" chosen to "fool" syntax checker)
Account.Edit %col0%
Data.Endloop
[Batch_End]

[Data_Begin]
acc1
acc2
acc3
[Data_End]