We have written a simple perl script which binds to a AD domain controller and allows AD users to reset their password across multiple systems through one simple interface (Unix, LDAP etc.). The script modifies the unicodePwd attribute in active directory and we've successfully tested that indeed the user account password does change. We have an additional script which generates an email and notifies users that their password is over X number of days old. We're finding that the pwdLastSet field is not updating as a result of the password change. Is there some process that comes along and updates this attribute on a schedule? I've found that when using the change password functionality within XP/2K etc., the pwdLastSet field updates instantly.
Anyone have any ideas? Thanks!