Re: How to Modify Password Expire date for AD User account
- From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 22 Jul 2006 16:42:12 -0500
Hi,
There is no way to set the password expiration date.
The pwdLastSet attribute of the user object represents the date the password
was last set. The maxPwdAge attribute of the domain object represents how
long passwords can age before they expire. maxPwdAge applies to all user
objects in the domain. The userAcccountControl attribute of the user object
has bits that indicate if the password expires for that user, and if the
password can change. The domain password age policy only applies if the
password can change and expires.
The problem is that you cannot assign values to pwdLastSet, except 0 and -1.
Assigning 0 to pwdLastSet expires the password so the user must change it
the next time they logon. Assigning -1 resets this requirement, so the user
does not have to change their password the next time they logon. When the
user next logs on, pwdLastSet is changed to a value corresponding to the
current date/time, so the password will expire according to the domain
policy (maxPwdAge).
The best you can do is expire the password immediately, or have it expire
maxPwdAge time after the next logon.
What are you trying to accomplish by assigning a password expiration date?
Maybe someone knows of a workaround.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"B" <B@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:303CF80A-058A-4C27-9086-1CA00CC6AB2D@xxxxxxxxxxxxxxxx
Thank you very much for your reply. I am looking for the Password Expire
Date, not Account expire date. Does anybody help me? Sincerely,
"Richard Mueller" wrote:
Hi,
It should be:
objUser.AccountExpirationDate = #03/30/2005#
objUser.SetInfo
Date literals are enclosed in # symbols and this property method deals
with
date datatypes.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"B" <B@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EB554B1F-31D7-4968-9D40-4FC81CAF9417@xxxxxxxxxxxxxxxx
Freddy,
It did not work. I did not get any message after running this script.
I
thought, it worked, but it did not. Expire date was the same.
"freddy" wrote:
Try this script
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com";)
objUser.AccountExpirationDate = "03/30/2005"
objUser.SetInfo
"B" wrote:
I would like to know how to modify Password Expire date for AD User
account
by scripting. Can anybody help me? Thank you,
.
- References:
- Re: How to Modify Password Expire date for AD User account
- From: Richard Mueller
- Re: How to Modify Password Expire date for AD User account
- Prev by Date: How to get a list of existing local groups on a computer ?
- Next by Date: Re: How to get a list of existing local groups on a computer ?
- Previous by thread: Re: How to Modify Password Expire date for AD User account
- Next by thread: Re: Delete only XP printers
- Index(es):
Relevant Pages
|
