Can someone help me write a powershell that does the following?
I want to change pwdlastset active directory attribute on a specified OU
If password age is greater than 175 days then:
- Change pwdlastset to 0 and commit that to AD
- Change pwdlastset to -1 and commit that to AD
*skip if user account is set to pw never expire.
I'm putting a new 180 day password policy in place and i dont want it to force an immediate password expiration on people who's password is older than 180 days. I'm using a tool that will notify them in the last 10 days of expiration but if it expires right away this tool wont help.