?
Solved

Uncheck "password never expires" on a user account.

Posted on 2009-06-30
2
Medium Priority
?
2,260 Views
Last Modified: 2012-05-07
I made a tool for our support team that allows them to reset a user's AD password and require them to change it on next logon. The problem is that if "password never expires" is checked it will change the password but not require the user to change it at next logon. Is there a way to tell if it is checked and uncheck it if it is? Below is part of the code
DirectoryEntry de = GetUser(theUserToChange);
            try
            {
 
                if (de != null)
                {
                    string NewPassword = "password";
               // here I would like to check to see if "password never expires" is checked and if 
              // so uncheck it before setting the new password.
                    de.Invoke("SetPassword", new object[] { NewPassword });
                    de.Properties["pwdLastSet"].Value = 0;
                    de.CommitChanges();
                    Label3.Text = "User Password Reset.";
                    Label3.ForeColor = System.Drawing.Color.Green;
 
                }
                else
                {
                    Label3.Text = "User Not Found.";
                    Label3.ForeColor = System.Drawing.Color.Red;
                }
            }
            catch (Exception exep)
            {
                string theError = exep.Message.ToString();
                Label3.Text = theError;
                Label3.ForeColor = System.Drawing.Color.Red;
            }

Open in new window

0
Comment
Question by:agcsupport
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24747917

Hey,

You need to pull the "userAccountControl" attribute, then look in it for a specific flag and potentially remove that flag.

So, the Password Never Expires flag can be found by performing a Bitwise And against the userAccountControl value. Something like this...

If (de.Properties["userAccountControl"].Value & 65536) {
  // This password never expires
  de.Properties["userAccountControl"].Value = de.Properties["userAccountControl"].Value ^ 65536;
  de.CommitChanges();
}

Values for the full set of flags associated with userAccountControl can be found here:

http://support.microsoft.com/kb/305144

You should see that Password Never Expires is listed as decimal 65536.

Chris
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question