Active Directory: Reset the clock on an expired password for an account

Hi everyone

Ever wondered how to reactivate an old Active Directory account without forcing an immediate password change? For example, when someone returns from paternity or maternity leave.

It’s really easy to do, either manually or with a script 🙂

The pwdLastSet attribute is used to calculate the password age.

The value is protected: the only values you can write to it are 0 or -1.

The value you are looking for is -1. The system will then set pwdLastSet to the current date/time, so the 90 days, or whatever period is defined, starts again from the beginning.

0 does the opposite: it expires the password right now.

The procedure: set pwdLastSet to 0, manually or with a script, then set it to -1, and afterwards uncheck the Never Expire option for the account.
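The three steps above as a PowerShell function, added here as an example that is not from the original post. It assumes the RSAT ActiveDirectory module and write access to the user object; the function names and the account name `jdoe` are made up for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not the post author's code). Function names are hypothetical.

function ConvertFrom-PwdLastSet([long]$Value) {
    # pwdLastSet is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
    # 0 means the password is flagged as expired, so there is no date to show.
    if ($Value -le 0) { return $null }
    [datetime]::FromFileTimeUtc($Value)
}

function Reset-PasswordAgeClock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Identity   # sAMAccountName, DN, GUID or SID
    )

    $props  = 'pwdLastSet', 'PasswordNeverExpires'
    $before = Get-ADUser -Identity $Identity -Properties $props

    if ($PSCmdlet.ShouldProcess($before.DistinguishedName,
            'Restart password age (pwdLastSet 0, then -1)')) {
        # Step 1: 0 flags the password as expired.
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = 0 }
        # Step 2: -1 makes the domain controller stamp the current time.
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = -1 }
        # Step 3: clear "Password never expires" so the policy period applies.
        Set-ADUser -Identity $before -PasswordNeverExpires $false
    }

    # Re-read the account and report before/after so the change can be logged.
    $after = Get-ADUser -Identity $Identity -Properties $props
    [pscustomobject]@{
        Account              = $after.SamAccountName
        PwdLastSetBeforeUtc  = ConvertFrom-PwdLastSet $before.pwdLastSet
        PwdLastSetAfterUtc   = ConvertFrom-PwdLastSet $after.pwdLastSet
        PasswordNeverExpires = $after.PasswordNeverExpires
    }
}

# Dry run against a constructed account name, then the real change:
# Reset-PasswordAgeClock -Identity 'jdoe' -WhatIf
# Reset-PasswordAgeClock -Identity 'jdoe'
```

The account keeps its existing password for a full new expiry period, so keep the returned before/after values with the change record. With user account management auditing enabled, domain controllers log the modification as event 4738.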

An example when used:

Before: [screenshot]

After: [screenshot]

It’s that simple 🙂

Thanks