Solved

How to make a password expire now?

Posted on 2010-08-24
5
894 Views
Last Modified: 2012-05-10
Hi experts!

I know how to reset a password and force the user to change his password at next logon. This is NOT what I am looking for here.

For testing purposes I need to make a single domain user account's password expire at a given time without changing the whole password policy. Is there a way?
The net user /expire switch is not meant for passwords but for accounts.

The domain functional level is 2008 if of interest, so PSOs could be one solution. Any other solution?
0
Comment
Question by:McKnife
5 Comments
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 150 total points
ID: 33509125
The most simple way is the PSO. It is not so simple modifing password expires stamp in user's object.
0
 
LVL 7

Assisted Solution

by:gnegrota
gnegrota earned 150 total points
ID: 33509344
0
 
LVL 83

Accepted Solution

by:
oBdA earned 200 total points
ID: 33509403
PSOs are actually the only solution (unless you create a scheduled task that sets the password to "expired" on a certain date, but that's sort of "cheating", at least if you want to test the password policy).
The password expiration date is calculated dynamically based on the PwdLastSet AD attribute and maxPwdAge. For security reasons, only System is allowed to change PwdLastSet to an actual date; the only changes allowed when programmatically changing this attribute are 0 (password expired, user must change it) and -1 (password set today, user is not required to change it).
0
 
LVL 54

Author Comment

by:McKnife
ID: 33509486
The vbscript could be interesting, however, the window title is password reset script - what does it do? After finding the test user, it says "User found: choose which one to reset pw to default"
1. testuser

If I choose 1, it simply starts over and the attribute password last set doews not change - is this expected? Did you ever use this script yourself?
0
 
LVL 54

Author Comment

by:McKnife
ID: 33509902
You know what?
Nevermind.

The PSO solution is ok and to be honest, not until writing down the question, I came up with the same thought that's why it appears late in the final sentence.

I will divide the points.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now