Solved

Can you reset a users "last date when password changed"

Posted on 2013-12-05
7
2,070 Views
Last Modified: 2013-12-06
I recently set a FGPP that mandates a password change in 365 days and I wanted to roll it out gradually to large groups BUT most users already have a "Date when last changed password" thats is over the 365 days so once I apply the policy they are forced to change it then. I would like to reset their "Last password reset date to "0" so once the new policy is applied they will have 365 day to change it again.
0
Comment
Question by:MCS_Exchange
  • 3
  • 3
7 Comments
 
LVL 19

Accepted Solution

by:
jss1199 earned 500 total points
ID: 39699291
The powershell below will reset a specific user's paswd last change date.

$User = Get-ADUser user.name -properties pwdlastset 
$User.pwdlastset = 0 
Set-ADUser -Instance $User 
$user.pwdlastset = -1 
Set-ADUser -instance $User

Open in new window


If you assign 0, the password is immediately expired. The value -1 corresponds to the largest integer allowed in a 64-bit attribute, 2^63-1. This value does the reverse of 0. It makes the password not expired. When the user next logs on, the pwdLastSet attribute will be set by the system to the value corresponding to the current date/time. They will THEN have 365 days before they must change according to your policy.
0
 

Author Comment

by:MCS_Exchange
ID: 39699377
I will ask the team to try this... I have been searching specifically for ANY information on this and your response seems valid and was very fast. Thanks
0
 
LVL 19

Expert Comment

by:jss1199
ID: 39699407
More info from MS below.  See additional scripts in the community section at the bottom.

http://msdn.microsoft.com/en-us/library/ms679430(v=vs.85).aspx

And more discussion on this from our friends at Google...

https://groups.google.com/forum/#!topic/microsoft.public.windows.server.active_directory/xxrwqGUbttM
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39700220
If you set the maximum password age to zero days password will not expires see this for more details.http://technet.microsoft.com/en-us/magazine/ff741764.aspx

If you change the maximum password age from 600 days to a shorter period such as 360 days, users with passwords that are older than 360 days will instantly be prompted to change a new password. Their passwords expire right away. You can adjust the Maximum Password Age number "slowly" to minimise helpdesk call.

Reference link:http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/8e82e11c-3575-4413-b0dc-1c5e8dadb9d6
0
 

Author Comment

by:MCS_Exchange
ID: 39700830
Thanks Sandeshdubey... We thought of increasing the date limit but the actual # of users is so high this would take a lot of administration and then having to go back later to change the policy again so it occurrs every 365 days.

The first solution offered was just tested and worked and also opens the door to set the user back to -1 it seems their is only two options 0 or -1 Our next test is to change the "Last password change" to 335 on a set # of users with a must change date of 365 and see if this allows them 30 days to change.
0
 
LVL 19

Expert Comment

by:jss1199
ID: 39700977
MCS_Exchange,

For your next test, changing 365 days to 335 will not necessarily allow 30 days to change.  This is all dependent on the date the last password was changed.  For you test user, you can use the below to determine the actual date the system shows his last change date:

Import-Module ActiveDirectory
Get-ADUser 'UserName' -properties PasswordLastSet | Format-List

This date, along with the password age you specify, will allow you to dtermine if they will be forced to change passwords when you change the setting to x
0
 

Author Closing Comment

by:MCS_Exchange
ID: 39700995
The team customized their script and this was an excellent solution. I had spent a lot of time searching prior and your google pages were also helpful.

This has been a great help
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove Installed Application 1 45
DFS Replication in Another Domain 3 42
AD Account Lockout 22 37
Global Address List will not update via Powershell or EAC. 2 43
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now