Password Expiration

Active Directory


  #1  
Old 29-02-2008
Diane Walker
 
Posts: n/a
Password Expiration

We are running Active Directory on Windows 2003 server. We set up a policy
that users need to change password every 90 days. Is there a way to set up
one particular user account so that the password will expire on a certain
date (i.e. September 30, 2008) instead of expiring every 90 days?

Thanks.



  #2  
Old 29-02-2008
Marcin
 
Posts: n/a
Re: Password Expiration

Diane,
maximum password age affecting domain user accounts is a domain-level
setting - unless you are running Windows Server 2008 functional level
domain...
You can use a workaround by creating a custom script that will force the
designated user to change the password at the next logon and schedule it to
run on the target date...

hth
Marcin

  #3  
Old 01-03-2008
Diane Walker
 
Posts: n/a
Re: Password Expiration

Thanks for your prompt response.

Do you have any recommendation how I can go about creating a custom script?

  #4  
Old 01-03-2008
Richard Mueller [MVP]
 
Posts: n/a
Re: Password Expiration

The VBScript program could be similar to:
==========
Option Explicit
Dim objUser

' Bind to the specific user object, using the full Distinguished Name.
Set objUser = GetObject("LDAP://cn=Jim Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")

' Expire the password so it must be changed at next logon.
objUser.pwdLastSet = 0

' Save Changes.
objUser.SetInfo
==========
Whenever this script runs, the user will need to change their password the
next time they log on. The tricky part is determining the Distinguished Name
of the user.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

  #5  
Old 05-03-2008
Diane Walker
 
Posts: n/a
Re: Password Expiration

Thanks very much.

  #6  
Old 05-03-2008
Diane Walker
 
Posts: n/a
Re: Password Expiration

Is it possible to write a script so that the password will expire on a
certain date such as June 30, 2008? Thanks.

  #7  
Old 05-03-2008
DevilsPGD
 
Posts: n/a
Re: Password Expiration

In message <ehMl3CnfIHA.6136@TK2MSFTNGP03.phx.gbl> "Diane Walker"
<ett9300@yahoo.com> wrote:

>Is it possible to write a script so that the password will expire on a
>certain date such as June 30, 2008? Thanks.


I have not tested this, but in theory, couldn't you run the same script
but inserting a valid date for the last-changed, instead of "0"?

You'll need to do the math and make the last-changed date 'x' days in
the past (where 'x' is the max-age of passwords as defined by your group
policies).

Again, I haven't tested this, someone smarter than myself might know if
this works in the real world or not.

http://www.petri.co.il/ldap_search_s...d_exchange.htm
has a link to help you convert dates.
  #8  
Old 05-03-2008
Joe Kaplan
 
Posts: n/a
Re: Password Expiration

You can only set pwdLastSet to 2 values; 0 and -1. 0 forces "password must
be changed at next logon" and -1 tells the directory to set the last changed
date to "now", essentially giving the user a new lease on their current
password for the entire expiration interval. You can't set it to a specific
date value though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
  #9  
Old 05-03-2008
DevilsPGD
 
Posts: n/a
Re: Password Expiration

In message <dl6ss3dsr71hpnm6b5kscvsagn498j9car@4ax.com> DevilsPGD
<spam_narf_spam@crazyhat.net> wrote:

>Again, I haven't tested this, someone smarter than myself might know if
>this works in the real world or not.


Ahh, I guess not... Joe's post gives a suggestion though :)
Reply With Quote
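
The workaround described in the thread (a scheduled script that sets pwdLastSet to 0 on the target date), written out with a date guard so the task can be created in advance and run daily. This is an added example, not code from any poster in the thread; the DN is the sample one from the script above, the date is the one from the original question, and `LargeIntToDate` is a helper name introduced here.

```vbscript
Option Explicit

' Assumptions for this example: the sample DN from the thread and the
' target date from the original question. Change both for real use.
Const USER_DN = "cn=Jim Smith,ou=Sales,ou=West,dc=MyDomain,dc=com"

Dim dtmTarget, objUser, objLastSet, dtmLastSet
dtmTarget = DateSerial(2008, 9, 30)

' Before the target date the script exits without touching the account,
' so the task can be created in advance and run every day.
If Date() < dtmTarget Then WScript.Quit 0

Set objUser = GetObject("LDAP://" & USER_DN)

' pwdLastSet is a 64-bit count of 100-nanosecond intervals since
' 1 January 1601 (UTC); ADSI returns it as an IADsLargeInteger object.
Set objLastSet = objUser.pwdLastSet
dtmLastSet = LargeIntToDate(objLastSet)

' If the password was already changed on or after the target date, leave
' the account alone; otherwise a daily task would force a change every day.
If dtmLastSet >= dtmTarget Then WScript.Quit 0

' 0 is one of the two values the directory accepts (0 and -1): it flags
' the account as "user must change password at next logon".
objUser.pwdLastSet = 0
objUser.SetInfo

' Convert an IADsLargeInteger to a VBScript date (UTC, not adjusted to
' local time, which is close enough for a whole-day comparison).
Function LargeIntToDate(objLarge)
    Dim lngHigh, lngLow
    lngHigh = objLarge.HighPart
    lngLow = objLarge.LowPart
    ' LowPart is a signed 32-bit value; when negative, carry one into HighPart.
    If lngLow < 0 Then lngHigh = lngHigh + 1
    ' 600,000,000 intervals per minute, 1,440 minutes per day.
    LargeIntToDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / 600000000) / 1440
End Function
```

Run it from Task Scheduler under an account that has write access to the user object. A pwdLastSet that is already 0 converts to the year 1601, so re-running before the user has logged on simply writes 0 again.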