Solved

How to make a password expire now?

Posted on 2010-08-24
5
898 Views
Last Modified: 2012-05-10
Hi experts!

I know how to reset a password and force the user to change his password at next logon. This is NOT what I am looking for here.

For testing purposes I need to make a single domain user account's password expire at a given time without changing the whole password policy. Is there a way?
The net user /expire switch is not meant for passwords but for accounts.

The domain functional level is 2008 if of interest, so PSOs could be one solution. Any other solution?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 150 total points
ID: 33509125
The most simple way is the PSO. It is not so simple modifing password expires stamp in user's object.
0
 
LVL 7

Assisted Solution

by:gnegrota
gnegrota earned 150 total points
ID: 33509344
0
 
LVL 84

Accepted Solution

by:
oBdA earned 200 total points
ID: 33509403
PSOs are actually the only solution (unless you create a scheduled task that sets the password to "expired" on a certain date, but that's sort of "cheating", at least if you want to test the password policy).
The password expiration date is calculated dynamically based on the PwdLastSet AD attribute and maxPwdAge. For security reasons, only System is allowed to change PwdLastSet to an actual date; the only changes allowed when programmatically changing this attribute are 0 (password expired, user must change it) and -1 (password set today, user is not required to change it).
0
 
LVL 54

Author Comment

by:McKnife
ID: 33509486
The vbscript could be interesting, however, the window title is password reset script - what does it do? After finding the test user, it says "User found: choose which one to reset pw to default"
1. testuser

If I choose 1, it simply starts over and the attribute password last set doews not change - is this expected? Did you ever use this script yourself?
0
 
LVL 54

Author Comment

by:McKnife
ID: 33509902
You know what?
Nevermind.

The PSO solution is ok and to be honest, not until writing down the question, I came up with the same thought that's why it appears late in the final sentence.

I will divide the points.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question