How to change "pwdlastset" attribute value manually

AD 2003 using ADSI EDIT
=========================
I need to test a password policy expiry. How this works is- a email is triggered when the password is expired.I need to test teh functionality.

I want to expire my password (say today).So trying to set the "pwdlastset" attribute and getting "The parameter is incorrect"

1. am doing right thing? Is this a configugarable attirbute?
2. If so how to do I edit this?
3. What values are accepted (ex.1, 0) and what they mean?

Any suggestions to help change the expiry value are greatly appreciated.
 
sirineniAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSenior Systems AdminCommented:
The pwdlastset value is actually written as an LDAP timestamp. That timestamp is the number of 100 nanosecond intervals since January 1, 1601. You can get the value for the current time in Powershell by entering (get-date).toFileTime()

Today's is 129538456723328565
so if you enter that as the value of pwdlastset it will set the password last set value to Wednesday, June 29, 2011 18:27:52GMT
sirineniAuthor Commented:
acbrown2010,
Thanks for the note but still getting(while using 129538456723328565) same error when I hit apply "Parameter is incorrect". Only value it seems to be taking is "0" which might have a different meaning!
Adam BrownSenior Systems AdminCommented:
Yeah, just figured that out myself. Setting to 0 means that the user has to do a password reset immediately. Give me a minute and I'll figure it out.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Adam BrownSenior Systems AdminCommented:
Alright, got it. Setting it to -1 will reset the date to the current time. Note that this will only happen if the user does not have the Password Never Expires option set.
sirineniAuthor Commented:
no luck. as soon as I type minus (-)Gives "unacceptable character and you can only type number here"/
Password never expire is not set on teh account
oBdACommented:
You can not change that value to a given date, only 0 ("Must change password") and -1 ("Password changed today"): "The pwdLastSet attribute cannot be set to any other value except by the system.".
User Must Change Password at Next Logon (LDAP Provider)
http://msdn.microsoft.com/en-us/library/aa746510(VS.85).aspx
"Update Privilege: This value is set by the system."
Pwd-Last-Set Attribute
http://msdn.microsoft.com/en-us/library/ms679430(VS.85).aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.