Improve company productivity with a Business Account.Sign Up

x
?
Solved

Uncheck "password never expires" on a user account.

Posted on 2009-06-30
2
Medium Priority
?
2,289 Views
Last Modified: 2012-05-07
I made a tool for our support team that allows them to reset a user's AD password and require them to change it on next logon. The problem is that if "password never expires" is checked it will change the password but not require the user to change it at next logon. Is there a way to tell if it is checked and uncheck it if it is? Below is part of the code
DirectoryEntry de = GetUser(theUserToChange);
            try
            {
 
                if (de != null)
                {
                    string NewPassword = "password";
               // here I would like to check to see if "password never expires" is checked and if 
              // so uncheck it before setting the new password.
                    de.Invoke("SetPassword", new object[] { NewPassword });
                    de.Properties["pwdLastSet"].Value = 0;
                    de.CommitChanges();
                    Label3.Text = "User Password Reset.";
                    Label3.ForeColor = System.Drawing.Color.Green;
 
                }
                else
                {
                    Label3.Text = "User Not Found.";
                    Label3.ForeColor = System.Drawing.Color.Red;
                }
            }
            catch (Exception exep)
            {
                string theError = exep.Message.ToString();
                Label3.Text = theError;
                Label3.ForeColor = System.Drawing.Color.Red;
            }

Open in new window

0
Comment
Question by:agcsupport
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24747917

Hey,

You need to pull the "userAccountControl" attribute, then look in it for a specific flag and potentially remove that flag.

So, the Password Never Expires flag can be found by performing a Bitwise And against the userAccountControl value. Something like this...

If (de.Properties["userAccountControl"].Value & 65536) {
  // This password never expires
  de.Properties["userAccountControl"].Value = de.Properties["userAccountControl"].Value ^ 65536;
  de.CommitChanges();
}

Values for the full set of flags associated with userAccountControl can be found here:

http://support.microsoft.com/kb/305144

You should see that Password Never Expires is listed as decimal 65536.

Chris
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question