Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to edit the password last changed AD attribute

Posted on 2013-11-20
10
Medium Priority
?
693 Views
Last Modified: 2013-12-03
I want test out whether user's get a warning about their domain password expiring.  I want to be able to change the attribute that controls when they get the reminder.  I tried using a few approaches but can't get the value to set.  Are there any other methods to do this?

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22624322.html

http://kb4sp.wordpress.com/2011/06/03/changing-the-password-expiry-on-a-windows-account-to-n-days-in-the-future/

I get cryptic errors when trying either approach.  Anyone have a better way to change this?

Windows domain and forest level is Windows 2008.
0
Comment
Question by:dmwynne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39663719
If you are simply wanting to change the default time the user is notified when their password is about to expire you can change this via GPO in AD.

You can also do this from the registry as well.

GPO - Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration

Registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under PasswordExpiryWarning

Reference - http://technet.microsoft.com/en-us/library/ee829687(v=ws.10).aspx


Will.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 39663945
No that is not what I want to do.  Say I have a test user and there password is expiring in 50 days.  The domain password policy is set to force a password change every 90 days and to start reminding the users when there are 14 days left.  I want to be able to set the user's account so that the instead of having 50 days left before exoiration they are under the 14 days.  This would be so I could test if they get the warning when they login.

The attribute in AD is pwdLastSet I just can't get it to change they way it worked in the two links I posted originally.
0
 
LVL 5

Accepted Solution

by:
Pankaj_401 earned 2000 total points
ID: 39664229
You Either use any free or paid commercial tool as well for this it will notify you when a user's password is going to expire
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Author Comment

by:dmwynne
ID: 39664402
I don't need a notification.  I need to be able to change the value if how many days are left before and account expires.  Again say a user account is about to expire in 10 days.  I want to be able to change that value to something else like 8 days.  This is on the account itself.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39665099
I don't think Microsoft has placed a loop hole for this as it will be a security breech against password policy however you might want to check ADSIEDIT.msc
0
 
LVL 14

Author Closing Comment

by:dmwynne
ID: 39675915
If though I did not originally ask for how to send a notice that is what I ended up doing so giving you the points.
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39690002
Thanks for the points :P
BTW have you found any software till now up to your expectation?
0
 
LVL 14

Author Comment

by:dmwynne
ID: 39690023
I went with a scheduled task script that emails users.
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39692221
I went with a scheduled task script that emails users.

Is it working for you? Else you can have a look on this utility. I am not sure whether it will full-fill your need or not.
0
 
LVL 14

Author Comment

by:dmwynne
ID: 39692321
Yes the scripts works fine.  Thanks.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question