Results 1 to 6 of 6

Thread: AD forcing "user must change"

  1. #1
    Join Date
    Jun 2011
    Posts
    6

    AD forcing "user must change"

    I have a web service that interacts with Active Directory and have scoured the code. As far as i can tell, i am passing the value "false" for "user must change password at next login" to Active directory. However, on the active directory server i have just deployed the code to, the account that was just created has that value set to "true".

    So..is there an active directory setting or policy that would override my passing false (pwdLastSet, -1) on my call? If so, how do i check to see if that policy is enforced? it's best if i can look it up in an LDAP browser or an ADFIND than if i have to log on to the server due to security issues.

  2. #2
    Join Date
    Dec 2007
    Posts
    2,291

    Re: AD forcing "user must change"

    Maybe something from the below link would be able to help you out:

    http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

  3. #3
    Join Date
    Jun 2011
    Posts
    6

    Re: AD forcing "user must change"

    alas no. I used this to verify that the code was setting it to -1 and moved on. The code doesn't appear to be the problem although i have asked them to show me that the value when passed is really -1. The problem seems to occur between the webservice call and the ad. And i noticed that some of my AD's have it auto checked when i change a password and some don't.

  4. #4
    Join Date
    Jun 2011
    Posts
    6

    Re: AD forcing "user must change"

    as stated in my post, i have already verified that the code sets -1 but the value in AD is 0.

  5. #5
    Join Date
    Dec 2007
    Posts
    1,736

    Re: AD forcing "user must change"

    Can you try to use the below script to change the LDAP string to reflect your users OU:

    [ChangePassword.vbs]

    Set objOU = GetObject("LDAP://ou=Accounting,dc=fabrikam,dc=com")
    objOU.Filter = Array("user")

    For Each objUser in objOU
    objUser.pwdLastSet = 0
    objUser.SetInfo
    Next

  6. #6
    Join Date
    Jun 2011
    Posts
    6

    Re: AD forcing "user must change"

    Thanks everybody for help. I'm being told it 'just started working'. which may be code for "we found the problem and it WAS on our side".

Similar Threads

  1. Replies: 6
    Last Post: 21-12-2011, 02:17 PM
  2. Replies: 3
    Last Post: 29-05-2011, 01:45 AM
  3. Replies: 1
    Last Post: 28-05-2011, 12:00 PM
  4. Replies: 1
    Last Post: 27-01-2011, 07:28 PM
  5. Replies: 1
    Last Post: 25-12-2008, 10:53 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,680,004,814.58033 seconds with 17 queries