Ever wondered how to re-activate an old Active Directory account without forcing an immediate password change? For example, when someone returns from paternity or maternity leave.
It’s really easy to do by hand or with a script 🙂
The pwdLastSet attribute is used to calculate the password age.
The value is protected: the only values you can set there are 0 and -1.
The value you are looking for is -1: the system then sets pwdLastSet to the current date/time, so the 90 days, or any defined time period, starts counting again from the beginning.
0 does the opposite: it expires the password right now.
You set it to 0, manually or with a script, then set it to -1, and afterwards uncheck the Never Expire option for the account.
An example when used:
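The three steps above as a PowerShell function, added here as an illustration and not taken from the original post. It assumes the RSAT ActiveDirectory module is installed; the function name `Reset-PasswordAge` and the account `jdoe` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the original post): restarts the password-age
# clock for one account by writing 0, then -1, to pwdLastSet.
function Reset-PasswordAge {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Identity   # sAMAccountName, DN, GUID or SID
    )

    # pwdLastSet is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC);
    # 0 means "expired / must change", so do not render it as a date.
    $toDate = {
        param($ticks)
        if ($ticks -gt 0) { [DateTime]::FromFileTimeUtc($ticks) } else { 'expired (0)' }
    }

    $props  = 'pwdLastSet', 'PasswordNeverExpires'
    $before = Get-ADUser -Identity $Identity -Properties $props

    if ($PSCmdlet.ShouldProcess($before.DistinguishedName, 'Reset pwdLastSet to now')) {
        # Step 1: 0 expires the password immediately.
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = 0 }
        # Step 2: -1 makes the domain controller stamp the current date/time.
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = -1 }
        # Step 3: clear "Password never expires" so the policy applies again.
        Set-ADUser -Identity $before -PasswordNeverExpires $false
    }

    # Re-read the account so the before/after values can be kept as a change record.
    $after = Get-ADUser -Identity $before.DistinguishedName -Properties $props
    [pscustomobject]@{
        SamAccountName       = $after.SamAccountName
        PwdLastSetBefore     = & $toDate $before.pwdLastSet
        PwdLastSetAfter      = & $toDate $after.pwdLastSet
        PasswordNeverExpires = $after.PasswordNeverExpires
    }
}

# Dry run first, then the real change ('jdoe' is a made-up account name).
Reset-PasswordAge -Identity 'jdoe' -WhatIf
Reset-PasswordAge -Identity 'jdoe'
```

The password itself is unchanged by this; only its recorded age is reset, so the returned before/after object is worth keeping with the change ticket.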
It’s that simple 🙂