-
Password Expiration
We are running Active Directory on Windows 2003 server. We setup a policy
that users need to change password every 90 days. Is there a way to setup
one particular user account so that the password will expire on a certain
date (i.e. September 30, 2008) instead of expiring every 90 days?
Thanks.
-
Re: Password Expiration
Diane,
maximum password age affecting domain user accounts is a domain-level
setting - unless you are running Windows Server 2008 functional level
domain...
You can use a workaround by creating a custom script that will force the
designated user to change the password at the next logon and schedule it to
run on the target date...
hth
Marcin
-
Re: Password Expiration
Thanks for your prompt response.
Do you have any recommendation how I can go about creating a custom script?
"Marcin" <marcin@community.nospam> wrote in message
news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@microsoft.com...
> Diane,
> maximum password age affecting domain user accounts is a domain-level
> setting - unless you are running Windows Server 2008 functional level
> domain...
> You can use a workaround by creating a custom script that will force the
> designated user to change the password at the next logon and schedule it
> to run on the target date...
>
> hth
> Marcin
-
Re: Password Expiration
The VBScript program could be similar to:
==========
Option Explicit
Dim objUser
' Bind to the specific user object, using the full Distinguished Name.
Set objUser = GetObject("LDAP://cn=Jim
Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")
' Expire the password so it must be change at next logon.
objUser.pwdLastSet = 0
' Save Changes.
objUser.SetInfo
==========
Whenever this script runs, the user will need to change their password the
next time they logon. The tricky part is determining the Distinguished Name
of the user.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Diane Walker" <ett9300@yahoo.com> wrote in message
news:ezjeoiweIHA.5160@TK2MSFTNGP05.phx.gbl...
> Thanks for your prompt response.
>
> Do you have any recommendation how I can go about creating a custom
> script?
>
> "Marcin" <marcin@community.nospam> wrote in message
> news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@microsoft.com...
>> Diane,
>> maximum password age affecting domain user accounts is a domain-level
>> setting - unless you are running Windows Server 2008 functional level
>> domain...
>> You can use a workaround by creating a custom script that will force the
>> designated user to change the password at the next logon and schedule it
>> to run on the target date...
>>
>> hth
>> Marcin
>
>
-
Re: Password Expiration
Thanks very much.
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:Oa9s$oGfIHA.4164@TK2MSFTNGP05.phx.gbl...
> The VBScript program could be similar to:
> ==========
> Option Explicit
> Dim objUser
>
> ' Bind to the specific user object, using the full Distinguished Name.
> Set objUser = GetObject("LDAP://cn=Jim
> Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")
>
> ' Expire the password so it must be change at next logon.
> objUser.pwdLastSet = 0
>
> ' Save Changes.
> objUser.SetInfo
> ==========
> Whenever this script runs, the user will need to change their password the
> next time they logon. The tricky part is determining the Distinguished
Name
> of the user.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Diane Walker" <ett9300@yahoo.com> wrote in message
> news:ezjeoiweIHA.5160@TK2MSFTNGP05.phx.gbl...
> > Thanks for your prompt response.
> >
> > Do you have any recommendation how I can go about creating a custom
> > script?
> >
> > "Marcin" <marcin@community.nospam> wrote in message
> > news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@microsoft.com...
> >> Diane,
> >> maximum password age affecting domain user accounts is a domain-level
> >> setting - unless you are running Windows Server 2008 functional level
> >> domain...
> >> You can use a workaround by creating a custom script that will force
the
> >> designated user to change the password at the next logon and schedule
it
> >> to run on the target date...
> >>
> >> hth
> >> Marcin
> >
> >
>
>
>
-
Re: Password Expiration
Is it possible to write a script so that the password will expire on a
certain date such as June 30, 2008? Thanks.
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:Oa9s$oGfIHA.4164@TK2MSFTNGP05.phx.gbl...
> The VBScript program could be similar to:
> ==========
> Option Explicit
> Dim objUser
>
> ' Bind to the specific user object, using the full Distinguished Name.
> Set objUser = GetObject("LDAP://cn=Jim
> Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")
>
> ' Expire the password so it must be change at next logon.
> objUser.pwdLastSet = 0
>
> ' Save Changes.
> objUser.SetInfo
> ==========
> Whenever this script runs, the user will need to change their password the
> next time they logon. The tricky part is determining the Distinguished
Name
> of the user.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Diane Walker" <ett9300@yahoo.com> wrote in message
> news:ezjeoiweIHA.5160@TK2MSFTNGP05.phx.gbl...
> > Thanks for your prompt response.
> >
> > Do you have any recommendation how I can go about creating a custom
> > script?
> >
> > "Marcin" <marcin@community.nospam> wrote in message
> > news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@microsoft.com...
> >> Diane,
> >> maximum password age affecting domain user accounts is a domain-level
> >> setting - unless you are running Windows Server 2008 functional level
> >> domain...
> >> You can use a workaround by creating a custom script that will force
the
> >> designated user to change the password at the next logon and schedule
it
> >> to run on the target date...
> >>
> >> hth
> >> Marcin
> >
> >
>
>
>
-
Re: Password Expiration
In message <ehMl3CnfIHA.6136@TK2MSFTNGP03.phx.gbl> "Diane Walker"
<ett9300@yahoo.com> wrote:
>Is it possible to write a script so that the password will expire on a
>certain date such as June 30, 2008? Thanks.
I have not tested this, but in theory, couldn't you run the same script
but inserting a valid date for the last-changed, instead of "0"?
You'll need to do the math and make the last-changed date 'x' days in
the past (where 'x' is the max-age of passwords as defined by your group
policies).
Again, I haven't tested this, someone smarter then myself might know if
this works in the real world or not.
http://www.petri.co.il/ldap_search_s...d_exchange.htm
has a link to help you convert dates.
-
Re: Password Expiration
You can only set pwdLastSet to 2 values; 0 and -1. 0 forces "password must
be changed at next logon" and -1 tells the directory to set the last changed
date to "now", essentially giving the user a new lease on their current
password for the entire expiration interval. You can't set it to a specific
date value though.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Diane Walker" <ett9300@yahoo.com> wrote in message
news:ehMl3CnfIHA.6136@TK2MSFTNGP03.phx.gbl...
> Is it possible to write a script so that the password will expire on a
> certain date such as June 30, 2008? Thanks.
>
> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
> message news:Oa9s$oGfIHA.4164@TK2MSFTNGP05.phx.gbl...
>> The VBScript program could be similar to:
>> ==========
>> Option Explicit
>> Dim objUser
>>
>> ' Bind to the specific user object, using the full Distinguished Name.
>> Set objUser = GetObject("LDAP://cn=Jim
>> Smith,ou=Sales,ou=West,dc=MyDomain,dc=com")
>>
>> ' Expire the password so it must be change at next logon.
>> objUser.pwdLastSet = 0
>>
>> ' Save Changes.
>> objUser.SetInfo
>> ==========
>> Whenever this script runs, the user will need to change their password
>> the
>> next time they logon. The tricky part is determining the Distinguished
> Name
>> of the user.
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "Diane Walker" <ett9300@yahoo.com> wrote in message
>> news:ezjeoiweIHA.5160@TK2MSFTNGP05.phx.gbl...
>> > Thanks for your prompt response.
>> >
>> > Do you have any recommendation how I can go about creating a custom
>> > script?
>> >
>> > "Marcin" <marcin@community.nospam> wrote in message
>> > news:5BFE0FAA-1E4F-4505-979F-38F079EF6869@microsoft.com...
>> >> Diane,
>> >> maximum password age affecting domain user accounts is a domain-level
>> >> setting - unless you are running Windows Server 2008 functional level
>> >> domain...
>> >> You can use a workaround by creating a custom script that will force
> the
>> >> designated user to change the password at the next logon and schedule
> it
>> >> to run on the target date...
>> >>
>> >> hth
>> >> Marcin
>> >
>> >
>>
>>
>>
>
>
-
Re: Password Expiration
In message <dl6ss3dsr71hpnm6b5kscvsagn498j9car@4ax.com> DevilsPGD
<spam_narf_spam@crazyhat.net> wrote:
>Again, I haven't tested this, someone smarter then myself might know if
>this works in the real world or not.
Ahh, I guess not... Joe's post gives a suggestion though :)
Page generated in 1,714,037,503.44813 seconds with 11 queries