Re: Forcing password change with PwdLastSet=0 doesn't work
- From: £Jim <nospam@xxxxxxxx>
- Date: Tue, 19 Aug 2008 07:27:12 -0700
Thanks, I think that's probably it. Most of the accounts are set never
to expire.
--
Joseph T Corey wrote:
Yes, if the "Password never expires" flag is set within thehttp://www.microsoft.com/technet/scriptcenter/resources/qanda/oct06/hey1031.mspx
userAccountControl bitmask of an account, a value of 0 in pwdLastSet
won't do anything. You aren't getting an error because ADSI will
"allow" you to manually set the value. If you give this a shot in
ADU&C, you'll notice that both "User must change password at next
logon" and "Password never expires" can never be set at the same time
without being greeted by an error message. The reason is that
pwdLetSet essentially expires that password - but you've explicitly
(either intentionally or unintentionally) told AD that the user
cannot have an expired password. Take a look at the following to
programmatically find out if this is the case (you can always just
look at the properties of an object as well).
http://support.microsoft.com/kb/305144.
http://msdn.microsoft.com/en-us/library/aa772300.aspx
- References:
- Forcing password change with PwdLastSet=0 doesn't work
- From: £Jim
- Re: Forcing password change with PwdLastSet=0 doesn't work
- From: Joseph T Corey
- Forcing password change with PwdLastSet=0 doesn't work
- Prev by Date: Re: Change notification using AD
- Next by Date: Re: Forcing password change with PwdLastSet=0 doesn't work
- Previous by thread: Re: Forcing password change with PwdLastSet=0 doesn't work
- Next by thread: Re: Forcing password change with PwdLastSet=0 doesn't work
- Index(es):
Relevant Pages
|
