Solved

Uncheck "password never expires" on a user account.

Posted on 2009-06-30
2
1,927 Views
Last Modified: 2012-05-07
I made a tool for our support team that allows them to reset a user's AD password and require them to change it on next logon. The problem is that if "password never expires" is checked it will change the password but not require the user to change it at next logon. Is there a way to tell if it is checked and uncheck it if it is? Below is part of the code
DirectoryEntry de = GetUser(theUserToChange);

            try

            {
 

                if (de != null)

                {

                    string NewPassword = "password";

               // here I would like to check to see if "password never expires" is checked and if 

              // so uncheck it before setting the new password.

                    de.Invoke("SetPassword", new object[] { NewPassword });

                    de.Properties["pwdLastSet"].Value = 0;

                    de.CommitChanges();

                    Label3.Text = "User Password Reset.";

                    Label3.ForeColor = System.Drawing.Color.Green;
 

                }

                else

                {

                    Label3.Text = "User Not Found.";

                    Label3.ForeColor = System.Drawing.Color.Red;

                }

            }

            catch (Exception exep)

            {

                string theError = exep.Message.ToString();

                Label3.Text = theError;

                Label3.ForeColor = System.Drawing.Color.Red;

            }

Open in new window

0
Comment
Question by:agcsupport
2 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
Comment Utility

Hey,

You need to pull the "userAccountControl" attribute, then look in it for a specific flag and potentially remove that flag.

So, the Password Never Expires flag can be found by performing a Bitwise And against the userAccountControl value. Something like this...

If (de.Properties["userAccountControl"].Value & 65536) {
  // This password never expires
  de.Properties["userAccountControl"].Value = de.Properties["userAccountControl"].Value ^ 65536;
  de.CommitChanges();
}

Values for the full set of flags associated with userAccountControl can be found here:

http://support.microsoft.com/kb/305144

You should see that Password Never Expires is listed as decimal 65536.

Chris
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now