Solved

Uncheck "password never expires" on a user account.

Posted on 2009-06-30
2
2,041 Views
Last Modified: 2012-05-07
I made a tool for our support team that allows them to reset a user's AD password and require them to change it on next logon. The problem is that if "password never expires" is checked it will change the password but not require the user to change it at next logon. Is there a way to tell if it is checked and uncheck it if it is? Below is part of the code
DirectoryEntry de = GetUser(theUserToChange);
            try
            {
 
                if (de != null)
                {
                    string NewPassword = "password";
               // here I would like to check to see if "password never expires" is checked and if 
              // so uncheck it before setting the new password.
                    de.Invoke("SetPassword", new object[] { NewPassword });
                    de.Properties["pwdLastSet"].Value = 0;
                    de.CommitChanges();
                    Label3.Text = "User Password Reset.";
                    Label3.ForeColor = System.Drawing.Color.Green;
 
                }
                else
                {
                    Label3.Text = "User Not Found.";
                    Label3.ForeColor = System.Drawing.Color.Red;
                }
            }
            catch (Exception exep)
            {
                string theError = exep.Message.ToString();
                Label3.Text = theError;
                Label3.ForeColor = System.Drawing.Color.Red;
            }

Open in new window

0
Comment
Question by:agcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24747917

Hey,

You need to pull the "userAccountControl" attribute, then look in it for a specific flag and potentially remove that flag.

So, the Password Never Expires flag can be found by performing a Bitwise And against the userAccountControl value. Something like this...

If (de.Properties["userAccountControl"].Value & 65536) {
  // This password never expires
  de.Properties["userAccountControl"].Value = de.Properties["userAccountControl"].Value ^ 65536;
  de.CommitChanges();
}

Values for the full set of flags associated with userAccountControl can be found here:

http://support.microsoft.com/kb/305144

You should see that Password Never Expires is listed as decimal 65536.

Chris
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question