Tip: You can list users with “Store passwords using reversible encryption” enabled:
Important: Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.
```powershell
# Disable "Store passwords using reversible encryption"
Set-ADAccountControl -Identity user01 -AllowReversiblePasswordEncryption $false

# List users with "Store passwords using reversible encryption" enabled
Get-ADUser -Filter 'userAccountControl -band 128' -Properties userAccountControl
```
Note 1: Get-ADUser requires the ActiveDirectory module.
Note 2: The list of UserAccountControl flags is available here.
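The setting can also be turned on by the default domain password policy or by a fine-grained password policy, not only by the per-user flag. The following audit is an added example, not code from the original page; the function name `Get-ReversibleEncryptionReport` and the report layout are assumptions made for illustration.

```powershell
# Added example: report every place reversible encryption is enabled.
# Requires the ActiveDirectory module (see Note 1).
Import-Module ActiveDirectory

function Get-ReversibleEncryptionReport {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $ENCRYPTED_TEXT_PWD_ALLOWED = 0x80   # userAccountControl bit 128

    # 1. Default domain password policy
    $domain = Get-ADDefaultDomainPasswordPolicy
    [pscustomobject]@{
        Scope = 'DefaultDomainPolicy'; Name = $domain.DistinguishedName
        Reversible = [bool]$domain.ReversibleEncryptionEnabled
        Enabled = $null; PasswordLastSet = $null
    }

    # 2. Fine-grained password policies (filtered client-side in the caller)
    Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
        [pscustomobject]@{
            Scope = 'FineGrainedPolicy'; Name = $_.Name
            Reversible = [bool]$_.ReversibleEncryptionEnabled
            Enabled = $null; PasswordLastSet = $null
        }
    }

    # 3. Per-account flag, same bitwise filter as the one-liner on this page
    Get-ADUser -Filter "userAccountControl -band $ENCRYPTED_TEXT_PWD_ALLOWED" `
               -Properties PasswordLastSet | ForEach-Object {
        [pscustomobject]@{
            Scope = 'User'; Name = $_.SamAccountName
            Reversible = $true
            Enabled = $_.Enabled; PasswordLastSet = $_.PasswordLastSet
        }
    }
}

$report = Get-ReversibleEncryptionReport
$report | Where-Object Reversible | Sort-Object Scope, Name | Format-Table -AutoSize

# Preview the per-user fix; remove -WhatIf to apply it.
# A reversibly encrypted copy stored while the flag was set stays until the
# password is next changed, so use PasswordLastSet to plan password resets.
$report | Where-Object { $_.Scope -eq 'User' } | ForEach-Object {
    Set-ADAccountControl -Identity $_.Name -AllowReversiblePasswordEncryption $false -WhatIf
}
```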