• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 709
  • Last Modified:

How to edit the password last changed AD attribute

I want test out whether user's get a warning about their domain password expiring.  I want to be able to change the attribute that controls when they get the reminder.  I tried using a few approaches but can't get the value to set.  Are there any other methods to do this?

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22624322.html

http://kb4sp.wordpress.com/2011/06/03/changing-the-password-expiry-on-a-windows-account-to-n-days-in-the-future/

I get cryptic errors when trying either approach.  Anyone have a better way to change this?

Windows domain and forest level is Windows 2008.
0
dmwynne
Asked:
dmwynne
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
If you are simply wanting to change the default time the user is notified when their password is about to expire you can change this via GPO in AD.

You can also do this from the registry as well.

GPO - Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration

Registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under PasswordExpiryWarning

Reference - http://technet.microsoft.com/en-us/library/ee829687(v=ws.10).aspx


Will.
0
 
dmwynneAuthor Commented:
No that is not what I want to do.  Say I have a test user and there password is expiring in 50 days.  The domain password policy is set to force a password change every 90 days and to start reminding the users when there are 14 days left.  I want to be able to set the user's account so that the instead of having 50 days left before exoiration they are under the 14 days.  This would be so I could test if they get the warning when they login.

The attribute in AD is pwdLastSet I just can't get it to change they way it worked in the two links I posted originally.
0
 
Pankaj_401Commented:
You Either use any free or paid commercial tool as well for this it will notify you when a user's password is going to expire
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
dmwynneAuthor Commented:
I don't need a notification.  I need to be able to change the value if how many days are left before and account expires.  Again say a user account is about to expire in 10 days.  I want to be able to change that value to something else like 8 days.  This is on the account itself.
0
 
Pramod UbheCommented:
I don't think Microsoft has placed a loop hole for this as it will be a security breech against password policy however you might want to check ADSIEDIT.msc
0
 
dmwynneAuthor Commented:
If though I did not originally ask for how to send a notice that is what I ended up doing so giving you the points.
0
 
Pankaj_401Commented:
Thanks for the points :P
BTW have you found any software till now up to your expectation?
0
 
dmwynneAuthor Commented:
I went with a scheduled task script that emails users.
0
 
Pankaj_401Commented:
I went with a scheduled task script that emails users.

Is it working for you? Else you can have a look on this utility. I am not sure whether it will full-fill your need or not.
0
 
dmwynneAuthor Commented:
Yes the scripts works fine.  Thanks.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now