AD Attributes

Active Directory Attributes » Active Directory password attribute: ms-DS-User-Password-Not-Required

Active Directory password attribute: ms-DS-User-Password-Not-Required

This attribute shows whether a password is required for the user account.

CN ms-DS-User-Password-Not-Required
Ldap-Display-Name ms-DS-UserPasswordNotRequired
Attribute-Id 1.2.840.113556.1.4.1854
System-Id-Guid 8f066172-a25e-4f53-8dcd-0a67d5fb883d

For more details about this attribute, refer to this Microsoft document.

In Active Directory, you can override the domain password policy and set a blank password for a user account by setting the UserAccountControl attribute flag to PasswordNotRequired. If you haven’t realized yet, this is a big security hole that hackers can easily exploit. If you have any user accounts in your AD with blank passwords, you need to immediately find them and set PasswordNotRequired to false.

Active Directory Weak Password Users Report free tool helps you find weak passwords in Active Directory. You can then force the users with weak passwords to change their passwords the next time they log on, or use a password management solution such as ADSelfService Plus to granularly enforce a much stronger password policy.

Simplify password management with ADSelfService Plus.

  • Please enter a business email id
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.