Solved

Uncheck "password never expires" on a user account.

Posted on 2009-06-30
2
2,063 Views
Last Modified: 2012-05-07
I made a tool for our support team that allows them to reset a user's AD password and require them to change it on next logon. The problem is that if "password never expires" is checked it will change the password but not require the user to change it at next logon. Is there a way to tell if it is checked and uncheck it if it is? Below is part of the code
DirectoryEntry de = GetUser(theUserToChange);
            try
            {
 
                if (de != null)
                {
                    string NewPassword = "password";
               // here I would like to check to see if "password never expires" is checked and if 
              // so uncheck it before setting the new password.
                    de.Invoke("SetPassword", new object[] { NewPassword });
                    de.Properties["pwdLastSet"].Value = 0;
                    de.CommitChanges();
                    Label3.Text = "User Password Reset.";
                    Label3.ForeColor = System.Drawing.Color.Green;
 
                }
                else
                {
                    Label3.Text = "User Not Found.";
                    Label3.ForeColor = System.Drawing.Color.Red;
                }
            }
            catch (Exception exep)
            {
                string theError = exep.Message.ToString();
                Label3.Text = theError;
                Label3.ForeColor = System.Drawing.Color.Red;
            }

Open in new window

0
Comment
Question by:agcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24747917

Hey,

You need to pull the "userAccountControl" attribute, then look in it for a specific flag and potentially remove that flag.

So, the Password Never Expires flag can be found by performing a Bitwise And against the userAccountControl value. Something like this...

If (de.Properties["userAccountControl"].Value & 65536) {
  // This password never expires
  de.Properties["userAccountControl"].Value = de.Properties["userAccountControl"].Value ^ 65536;
  de.CommitChanges();
}

Values for the full set of flags associated with userAccountControl can be found here:

http://support.microsoft.com/kb/305144

You should see that Password Never Expires is listed as decimal 65536.

Chris
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question