Re: Password Expiration

You can only set pwdLastSet to 2 values; 0 and -1. 0 forces "password must
be changed at next logon" and -1 tells the directory to set the last changed
date to "now", essentially giving the user a new lease on their current
password for the entire expiration interval. You can't set it to a specific
date value though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Diane Walker" <ett9300@xxxxxxxxx> wrote in message
news:ehMl3CnfIHA.6136@xxxxxxxxxxxxxxxxxxxxxxx
Is it possible to write a script so that the password will expire on a
certain date such as June 30, 2008? Thanks.

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:Oa9s$oGfIHA.4164@xxxxxxxxxxxxxxxxxxxxxxx
The VBScript program could be similar to:
==========
Option Explicit
Dim objUser

' Bind to the specific user object, using the full Distinguished Name.
Set objUser = GetObject("LDAP://cn=Jim
Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")

' Expire the password so it must be change at next logon.
objUser.pwdLastSet = 0

' Save Changes.
objUser.SetInfo
==========
Whenever this script runs, the user will need to change their password
the
next time they logon. The tricky part is determining the Distinguished
Name
of the user.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Diane Walker" <ett9300@xxxxxxxxx> wrote in message
news:ezjeoiweIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for your prompt response.

Do you have any recommendation how I can go about creating a custom
script?

"Marcin" <marcin@xxxxxxxxxxxxxxxx> wrote in message
news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@xxxxxxxxxxxxxxxx
Diane,
maximum password age affecting domain user accounts is a domain-level
setting - unless you are running Windows Server 2008 functional level
domain...
You can use a workaround by creating a custom script that will force
the
designated user to change the password at the next logon and schedule
it
to run on the target date...

hth
Marcin









.

Relevant Pages

  • Re: Password Expiration
    ... ' Expire the password so it must be change at next logon. ... Whenever this script runs, the user will need to change their password the ... maximum password age affecting domain user accounts is a domain-level ... You can use a workaround by creating a custom script that will force the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password Expiration
    ... ' Expire the password so it must be change at next logon. ... Whenever this script runs, the user will need to change their password the ... maximum password age affecting domain user accounts is a domain-level ... You can use a workaround by creating a custom script that will force ...
    (microsoft.public.windows.server.active_directory)
  • Re: Users last logon info from logon script
    ... I put this line in the users logon script: ... If I run the script manually, it shows the last logon time. ... I guess it is because Windows update the lastlogon attribute once a user ... Then, for each Domain Controller, ADO is used to search the ...
    (microsoft.public.security)
  • Re: slow logon
    ... in the logon time have been reduced so far. ... update the time for the clients that talk to the dc as the logon server. ... start up script in AD to apply updates to the clients machines which is ...
    (microsoft.public.windows.server.active_directory)
  • Logon Script Causing Laptops To Hang - Problems in script?
    ... I'm using the following script to map drives, ... functions when users logon to our domain. ... 'Disconnects Drives This assures everyone has the same drive mappings. ... objNetwork.MapNetworkDrive strTrainDrv, strPath ...
    (microsoft.public.scripting.vbscript)