AD forcing "user must change"
I have a web service that interacts with Active Directory and have scoured the code. As far as I can tell, I am passing the value "false" for "user must change password at next login" to Active Directory. However, on the Active Directory server I have just deployed the code to, the account that was just created has that value set to "true".
So... is there an Active Directory setting or policy that would override my passing false (pwdLastSet, -1) on my call? If so, how do I check to see if that policy is enforced? It's best if I can look it up in an LDAP browser or an ADFIND than if I have to log on to the server due to security issues.
Re: AD forcing "user must change"
Maybe something from the below link would be able to help you out:
http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx
Re: AD forcing "user must change"
Alas, no. I used this to verify that the code was setting it to -1 and moved on. The code doesn't appear to be the problem, although I have asked them to show me that the value when passed is really -1. The problem seems to occur between the web service call and the AD. And I noticed that some of my ADs have it auto-checked when I change a password and some don't.
Re: AD forcing "user must change"
As stated in my post, I have already verified that the code sets -1 but the value in AD is 0.
Re: AD forcing "user must change"
Can you try to use the below script, changing the LDAP string to reflect your users' OU:
[ChangePassword.vbs]
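' Bind to the OU that holds the user accounts
Set objOU = GetObject("LDAP://ou=Accounting,dc=fabrikam,dc=com")
' Enumerate only user objects in that OU
objOU.Filter = Array("user")
For Each objUser In objOU
    ' pwdLastSet = 0 forces a password change at next logon
    objUser.pwdLastSet = 0
    objUser.SetInfo
Next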
Re: AD forcing "user must change"
Thanks everybody for help. I'm being told it 'just started working', which may be code for "we found the problem and it WAS on our side".
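Added example, not part of the original thread: one way to check the stored pwdLastSet values discussed above from an LDIF-style export saved out of an LDAP browser, without logging on to the server. The sample entries, the export layout and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed LDIF-style export; every name and value below is made up.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Accounting,DC=fabrikam,DC=com
sAMAccountName: alice
pwdLastSet: 0

dn: CN=Bob Example,OU=Accounting,DC=fabrikam,DC=com
sAMAccountName: bob
pwdLastSet: 132223104000000000

dn: CN=Carol Example,OU=Accounting,DC=fabrikam,DC=com
sAMAccountName: carol
"""

# pwdLastSet is stored as 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_entries(ldif_text):
    """Split LDIF text into dicts (plain 'name: value' lines, no base64, no wrapping)."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            entry[name] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def describe_pwd_last_set(raw):
    """Return (state, timestamp) for a stored pwdLastSet value."""
    if raw is None:
        return ("missing", None)       # attribute not present in the export
    ticks = int(raw)
    if ticks == 0:
        return ("must_change", None)   # change required at next logon
    if ticks < 0:
        return ("unexpected", None)    # -1 is a write-time value, not a stored one
    return ("set", FILETIME_EPOCH + timedelta(microseconds=ticks // 10))

def audit(ldif_text):
    """Map each account name to its interpreted pwdLastSet state."""
    return {e.get("sAMAccountName", e.get("dn")): describe_pwd_last_set(e.get("pwdLastSet"))
            for e in parse_entries(ldif_text)}

if __name__ == "__main__":
    for account, (state, when) in audit(SAMPLE_LDIF).items():
        print(account, state, when.isoformat() if when else "-")
```

Running the same export before and after the web service call shows whether the value written as -1 actually landed as a timestamp or ended up as 0.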