Re: password never expires

From: Chriss3 (noSpamHere_at_chrisse.se)
Date: 06/01/04


Date: Tue, 1 Jun 2004 20:23:58 +0200

Configures a user account so that it will not expire. This is done by
setting the expiration date to 1/1/1970.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

' Connect to Active Directory through the ADSI OLE DB provider.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

' Select only users that have "Password never expires" set.
' 1.2.840.113556.1.4.803 is the bitwise AND matching rule; 65536 = &h10000.
strBase = "<LDAP://ou=sales,dc=ladava,dc=com>"
strFilter = ";(&(objectCategory=person)(objectClass=user)" & _
    "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
strAttributes = ";sAMAccountName,ADsPath"
strLevel = ";subtree"
objCommand.CommandText = strBase & strFilter & strAttributes & strLevel

objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
   Wscript.Echo objRecordSet.Fields("sAMAccountName").Value
   Set objUser = GetObject(objRecordSet.Fields("ADsPath").Value)
   intUAC = objUser.Get("userAccountControl")
   ' Clear the flag with And Not rather than XOR, so that running the
   ' script again can never switch the flag back on.
   objUser.Put "userAccountControl", intUAC And Not ADS_UF_DONT_EXPIRE_PASSWD
   objUser.AccountExpirationDate = "01/01/1970"

   objUser.SetInfo
   objRecordSet.MoveNext
Loop
objConnection.Close
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing

"User cannot change password" is more advanced; I think you have to change
the NTSecurityDescriptor then. I leave that to Matjaz. "Password never
expires" should be fine.

-- 
Regards
Christoffer Andersson
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
"Aone" <anonymous@discussions.microsoft.com> wrote in message
news:57D94173-AE16-41B3-B978-1CE08243DC55@microsoft.com...
> Thanks Matjaz,
> The script is working fine!
>
> In my requirement I need to uncheck both the
> 1) "user cannot change password"
> 2) "Password never expires" checkboxes.
>
> How to include this modification in the same script or in a separate script?
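
The bit test in the LDAP filter and the flag update in the loop can be checked offline before a script like this is run against a directory. The following is an added example, not part of the original post: it models the 1.2.840.113556.1.4.803 matching rule and shows why clearing with AND NOT is safe to re-run while XOR is only correct when the bit is known to be set. The account names and values are constructed, and the helper names are hypothetical.

```python
# Added example; SAMPLE_ACCOUNTS is constructed data, not real directory output.
ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_NORMAL_ACCOUNT = 0x0200
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000  # 65536, the value used in the filter

FLAG_NAMES = {
    ADS_UF_ACCOUNTDISABLE: "ACCOUNTDISABLE",
    ADS_UF_NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    ADS_UF_DONT_EXPIRE_PASSWD: "DONT_EXPIRE_PASSWD",
}

SAMPLE_ACCOUNTS = [          # (sAMAccountName, userAccountControl)
    ("alice", 0x10200),      # normal account, password never expires
    ("bob", 0x0200),         # normal account, flag not set
    ("svc_backup", 0x10202), # disabled account, password never expires
]


def decode_uac(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in FLAG_NAMES.items() if uac & bit]


def matches_bit_and(uac, mask):
    """Model of the bitwise AND matching rule: every bit in mask must be set."""
    return uac & mask == mask


def clear_flag(uac, flag):
    """Idempotent: the flag ends up cleared whatever its previous state."""
    return uac & ~flag


def toggle_flag(uac, flag):
    """XOR flips the bit, so it sets the flag on an account that lacked it."""
    return uac ^ flag


def plan_changes(accounts, flag=ADS_UF_DONT_EXPIRE_PASSWD):
    """Dry run: (name, old, new) for each account the filter would return."""
    return [(name, uac, clear_flag(uac, flag))
            for name, uac in accounts if matches_bit_and(uac, flag)]


if __name__ == "__main__":
    for name, old, new in plan_changes(SAMPLE_ACCOUNTS):
        print(f"{name}: {old} {decode_uac(old)} -> {new} {decode_uac(new)}")
```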

