• State Not Answered
  • Replies 3 replies
  • Subscribers 62 subscribers
  • Views 2698 views
  • Users 0 members are here
Options
Related

New-QADComputer userAccountControl Active Roles

leejohnc
over 3 years ago

I noticed that with Active Roles 7.4.3.and 7.4.1 that the New-QADComputer commandlet is ignoring userAccountControl values.  It will only set 4128 PASSWD_NOTREQD

We have a ARS policy that will enforce 4096, and the MMC and WebUI appear to set it, but in fact set 4128.   Trying to create an account via powershell will net this

 New-QADComputer : Corporate policy violation. The 'userAccountControl' property value does not conform to corporate policy.

The specified value '4128' does not conform to policy requirements.

At line:2 char:1

+ New-QADComputer -ParentContainer ...

Here's the powershell I'm running 

 New-QADComputer -Name 'anewComputer' `

                -SamAccountName 'anewComputer$' `

                -ParentContainer "domain/ou/ou/..." `

                -IncludedProperties  userAccountControl,

                                     edsaJoinComputerToDomain `

                -ObjectAttributes @{userAccountControl=4096;

                                   'edsaJoinComputerToDomain'='domain\auser'

                                   } `

                

                -proxy `

                -service arsadminservice 

Parents Reply
  • 0 over 3 years ago in reply to JohnnyQuest

    No, that didn't work either.  Set-QADComputer -identity blahblah -objectattributes  @{edsaDoNotRequirePassword=$False} -proxy does work, as does Set-QADComputer -identity blahblah -objectattributes  @{userAccountControl=4096} -proxy

    I think what we got right here JohnnyQuest is the appearance of a bug in new-qadcomputer

    For the moment I'm going to put a script in the policy that does an onPostCreate and runs set-qadcomputer

Children