Tuesday, March 10, 2015

Script to unexpire/expire a password

Running this expires a password allowing a logged on user to change their password if you have domain requirements needing a certain number of days between password changes.

$User = Get-ADUser user.name -properties pwdlastset
$user.pwdlastset = 0
Set-ADUser -instance $user

If a user has had their password expire, this script will unexpire it:

$User = Get-ADUser user.name -properties pwdlastset
$user.pwdlastset = -1
Set-ADUser -instance $user

This is handy if your domain security requires you to wait a day between password changes.  So if your user forgets their password and you change it, normally they would need to wait a day to change it again.  Instead run the script with the "0" setting once they are logged on and they can change their password.

No comments:

Post a Comment