Re: Password Expiration

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Diane Walker" <ett9300@xxxxxxxxx>
Date: Tue, 4 Mar 2008 19:26:39 -0800

Is it possible to write a script so that the password will expire on a
certain date such as June 30, 2008? Thanks.

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:Oa9s$oGfIHA.4164@xxxxxxxxxxxxxxxxxxxxxxx

The VBScript program could be similar to:
==========
Option Explicit
Dim objUser

' Bind to the specific user object, using the full Distinguished Name.
Set objUser = GetObject("LDAP://cn=Jim
Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")

' Expire the password so it must be change at next logon.
objUser.pwdLastSet = 0

' Save Changes.
objUser.SetInfo
==========
Whenever this script runs, the user will need to change their password the
next time they logon. The tricky part is determining the Distinguished

Name

of the user.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Diane Walker" <ett9300@xxxxxxxxx> wrote in message
news:ezjeoiweIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx

Thanks for your prompt response.

Do you have any recommendation how I can go about creating a custom
script?

"Marcin" <marcin@xxxxxxxxxxxxxxxx> wrote in message
news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@xxxxxxxxxxxxxxxx

Diane,
maximum password age affecting domain user accounts is a domain-level
setting - unless you are running Windows Server 2008 functional level
domain...
You can use a workaround by creating a custom script that will force

the

designated user to change the password at the next logon and schedule

to run on the target date...

hth
Marcin

Follow-Ups:
- Re: Password Expiration
  - From: Joe Kaplan
- Re: Password Expiration
  - From: DevilsPGD

References:
- Re: Password Expiration
  - From: Richard Mueller [MVP]

Prev by Date: Re: Password Expiration
Next by Date: Re: Password Expiration
Previous by thread: Re: Password Expiration
Next by thread: Re: Password Expiration
Index(es):
- Date
- Thread

Relevant Pages

Re: Force password reset for administrator
... My script is in fact doing the same as yours. ... Is also required to set the password reset bit. ... logf.WriteLine(" Set administrator account to password changed after next ... expired, your code would configure so passwords no longer expire. ...
(microsoft.public.scripting.vbscript)
Re: AD Script to set passwords to expire in 10 days
... I'm saying to run the script that sets the pwdLastSet attribute in scheduled maner. ... "Joe Kaplan" wrote in message ... Co-author of "The .NET Developer's Guide to Directory Services ... If you set the value to -1 and changed your domain pwd policy so that passwords expire in 10 days, then everyone's password would expire in 10 days, so that might get you what you want. ...
(microsoft.public.windows.server.active_directory)
Re: Privision User must change password at next logon, if password changed, set password never expir
... I am looking for help in being able to create a script that will ... To set "user must change password at next logon", ... ' Bind to OU with Distinguished Name of OU. ... ' Expire password, so user must change password at next logon. ...
(microsoft.public.scripting.vbscript)
Re: Help With Password Last Changed
... password to expire in 1 day and everyone but my test user was set to ... to have the passwords expire after 90 days. ... dtmValue = objUserLDAP.PasswordLastChanged ... This is the script I was using. ...
(microsoft.public.windows.server.active_directory)
Re: Password Expiration
... ' Expire the password so it must be change at next logon. ... Whenever this script runs, the user will need to change their password the ... maximum password age affecting domain user accounts is a domain-level ... You can use a workaround by creating a custom script that will force the ...
(microsoft.public.windows.server.active_directory)