How to Find and Fix AD Users Without Passwords? Keep Your Network Safe

Home » Cybersecurity » How to Find and Fix AD Users Without Passwords? Keep Your Network Safe

Table of Contents

Can You Really Spot Active Directory Users With Blank Passwords? Avoid This Risky Mistake
Why Is This a Problem?
How Does It Happen?
Example
What Does It Mean For Security?
How To Find Users With Blank Passwords
How To Fix The Problem
Tips for Staying Secure

Can You Really Spot Active Directory Users With Blank Passwords? Avoid This Risky Mistake

Active Directory sometimes allows domain user accounts to exist with blank passwords, even when a minimum password length policy is enforced. This loophole comes from the “Password Not Required” setting, linked to the PASSWD_NOTREQD attribute inside the userAccountControl property.

Why Is This a Problem?

Blank passwords make accounts easy targets. Attackers can quickly access sensitive resources with almost no effort.
Accounts with empty passwords let anyone sign in by just hitting “Enter.” This is a big risk for your company’s security.
Even strong password policies can be bypassed if this attribute is misconfigured or not regularly checked.

How Does It Happen?

The PasswordNotRequired attribute allows blank passwords, ignoring your policy.

You can set it using PowerShell:

Get-ADUser novach | Set-ADUser -PasswordNotRequired $true

You can also enable it with the Active Directory Users and Computers (ADUC) snap-in by modifying the userAccountControl attribute. Adding 32 to its current value enables the PASSWD_NOTREQD flag.

Example

Initial userAccountControl: 66048 (normal + password never expires)

Add 32: 66080 (enables password not required)

What Does It Mean For Security?

Users can’t set their own blank password. Only admins can do it, using either PowerShell or the ADUC tool.
If set, the user can log in on a Windows domain-joined computer with no password by pressing “Enter.”
Attackers love these vulnerabilities. Accounts like this are easy to find and simple to exploit.

How To Find Users With Blank Passwords

Use PowerShell to list every account that has the PasswordNotRequired flag set:

Get-ADUser -Filter {PasswordNotRequired -eq $true} -properties LastLogonTimestamp, PasswordNotRequired | ft SamAccountName,enabled, PasswordNotRequired , @{n=’LastLogonTimestamp’;e={[DateTime]::FromFileTime($_.LastLogonTimestamp)}}

Regularly run audits with this command or similar tools. Third-party tools can help automate these checks.

Review the results and take action immediately.

How To Fix The Problem

Set New Passwords

Set-ADAccountPassword novach -Reset

Disable Password Not Required

Get-ADUser -Identity novach | Set-ADUser -PasswordNotRequired $false -ChangePasswordAtLogon $true

Ensure the minimum password length policy is uniformly enforced on all accounts.

Schedule frequent audits—don’t rely on one-time checks.

Tips for Staying Secure

Enforce password policies, but also check attributes directly—it only takes one missed setting to create a weakness.
Educate admins on the risk and make auditing a regular part of management.
Use automation or third-party tools for better visibility.

Protect your network by staying alert to these simple but dangerous configuration mistakes. Fixing blank passwords takes just minutes, but helps keep your data safe and your team confident.