And you are done! Keep in mind that if Password would be indeed empty above command wouldn't work and give you an error. You would need to investigate such an account whether indeed such account should be left without a password. There are reasons that password for some account is not set, but for standard users, this shouldn't happen really. Running above code is fairly safe. As long as you won't remove WhatIf no changes will be done to your Active Directory. I would recommend trying out the first command, then working out what you need and what you don't need with a second script block, finally running fix on the users that we wanted to fix.