Solved

How to make a password expire now?

Posted on 2010-08-24
5
893 Views
Last Modified: 2012-05-10
Hi experts!

I know how to reset a password and force the user to change his password at next logon. This is NOT what I am looking for here.

For testing purposes I need to make a single domain user account's password expire at a given time without changing the whole password policy. Is there a way?
The net user /expire switch is not meant for passwords but for accounts.

The domain functional level is 2008 if of interest, so PSOs could be one solution. Any other solution?
0
Comment
Question by:McKnife
5 Comments
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 150 total points
ID: 33509125
The most simple way is the PSO. It is not so simple modifing password expires stamp in user's object.
0
 
LVL 7

Assisted Solution

by:gnegrota
gnegrota earned 150 total points
ID: 33509344
0
 
LVL 82

Accepted Solution

by:
oBdA earned 200 total points
ID: 33509403
PSOs are actually the only solution (unless you create a scheduled task that sets the password to "expired" on a certain date, but that's sort of "cheating", at least if you want to test the password policy).
The password expiration date is calculated dynamically based on the PwdLastSet AD attribute and maxPwdAge. For security reasons, only System is allowed to change PwdLastSet to an actual date; the only changes allowed when programmatically changing this attribute are 0 (password expired, user must change it) and -1 (password set today, user is not required to change it).
0
 
LVL 53

Author Comment

by:McKnife
ID: 33509486
The vbscript could be interesting, however, the window title is password reset script - what does it do? After finding the test user, it says "User found: choose which one to reset pw to default"
1. testuser

If I choose 1, it simply starts over and the attribute password last set doews not change - is this expected? Did you ever use this script yourself?
0
 
LVL 53

Author Comment

by:McKnife
ID: 33509902
You know what?
Nevermind.

The PSO solution is ok and to be honest, not until writing down the question, I came up with the same thought that's why it appears late in the final sentence.

I will divide the points.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now