Re: AD Script to set passwords to expire in 10 days

You can't set pwdLastSet to any value other than -1 or 0. Please try it if
you don't believe me. Otherwise, I don't know what you mean.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:8636F2A6-6B53-4A53-9D99-23CBFE8D802F@xxxxxxxxxxxxxxxx
Hi
Can't be done?
what about running that script schedule to a specific date and time...

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23mH0vAFMHHA.4916@xxxxxxxxxxxxxxxxxxxxxxx
Can't be done. You can't set the pwdLastSet attribute to a specific
date. You can only set it to 0, which is essentially "password must be
changed at next logon", or -1 which set the date to "now". If you set
the value to -1 and changed your domain pwd policy so that passwords
expire in 10 days, then everyone's password would expire in 10 days, so
that might get you what you want.

You also need to make sure that all users who will expire are NOT set to
"password never expires".

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Andrea" <ahayworth@xxxxxxxxxxxxxx> wrote in message
news:1167949045.285887.122940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Good Afternoon,

I have been asked to write an AD script that will set the user accounts
of an OU to expire in 10 days. I found a script that showed how to set
a password to expire now, but I need the 10 day warning. Does anyone
know how to do this?

Thanks! :)






.

Relevant Pages

  • Re: AD Script to set passwords to expire in 10 days
    ... and changed your domain pwd policy so that passwords expire in 10 days, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I have been asked to write an AD script that will set the user accounts ...
    (microsoft.public.windows.server.active_directory)
  • Re: Force password reset for administrator
    ... My script is in fact doing the same as yours. ... Is also required to set the password reset bit. ... logf.WriteLine(" Set administrator account to password changed after next ... expired, your code would configure so passwords no longer expire. ...
    (microsoft.public.scripting.vbscript)
  • Re: AD Script to set passwords to expire in 10 days
    ... I'm saying to run the script that sets the pwdLastSet attribute in scheduled maner. ... "Joe Kaplan" wrote in message ... Co-author of "The .NET Developer's Guide to Directory Services ... If you set the value to -1 and changed your domain pwd policy so that passwords expire in 10 days, then everyone's password would expire in 10 days, so that might get you what you want. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Privision User must change password at next logon, if password changed, set password never expir
    ... I am looking for help in being able to create a script that will ... To set "user must change password at next logon", ... ' Bind to OU with Distinguished Name of OU. ... ' Expire password, so user must change password at next logon. ...
    (microsoft.public.scripting.vbscript)
  • Re: Help With Password Last Changed
    ... password to expire in 1 day and everyone but my test user was set to ... to have the passwords expire after 90 days. ... dtmValue = objUserLDAP.PasswordLastChanged ... This is the script I was using. ...
    (microsoft.public.windows.server.active_directory)
Loading