Friday, April 12, 2013

AD Change Password on next Logon

So there seem to be a number of posts on how to set this via Novell IDM. All you really need to do is set the pwdLastSet attribute on a user to 0. Then the next time they log in they will need to change their password. We had a challenge where for certain users on creation we did not want their password to be 'expired'. To achieve this you have to set pwdLastSet to -1. I could not find too many posts on this but this one helped:

"If the previous value of pwdLastSet is 0, assigning the value -1 results in
Active Directory actually making the value equivalent to the current
date/time (as if the user just changed their password). If the previous
value of pwdLastSet is any other value (even if the password is expired),
assigning the value -1 results in no change. If you want the value of
pwdLastSet to be equivalent to the current time, first assign 0, then
assign -1."
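
As an added example (not from the original post or from IDM), here are the same two attribute values written with the ActiveDirectory PowerShell module, with a read-back to confirm the result. The function name `Set-PwdLastSetState` and the account name `jdoe` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Set-PwdLastSetState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # MustChange = pwdLastSet 0, Current = pwdLastSet equal to "now"
        [Parameter(Mandatory)] [ValidateSet('MustChange', 'Current')] [string] $State
    )

    if ($State -eq 'MustChange') {
        # 0 forces a password change at next logon.
        if ($PSCmdlet.ShouldProcess($Identity, 'set pwdLastSet to 0')) {
            Set-ADUser -Identity $Identity -Replace @{ pwdLastSet = 0 }
        }
    }
    else {
        # Per the behaviour quoted above, -1 only becomes the current time
        # when the previous value is 0, so write 0 first and then -1.
        if ($PSCmdlet.ShouldProcess($Identity, 'set pwdLastSet to 0, then -1')) {
            Set-ADUser -Identity $Identity -Replace @{ pwdLastSet = 0 }
            Set-ADUser -Identity $Identity -Replace @{ pwdLastSet = -1 }
        }
    }

    # Read the stored value back: 0 means "must change", anything greater
    # is a Windows file time (100 ns ticks since 1601-01-01 UTC).
    $raw = (Get-ADUser -Identity $Identity -Properties pwdLastSet).pwdLastSet
    [pscustomobject]@{
        Identity              = $Identity
        pwdLastSet            = $raw
        MustChangeAtNextLogon = ($raw -eq 0)
        PasswordSetUtc        = if ($raw -gt 0) { [DateTime]::FromFileTimeUtc($raw) } else { $null }
    }
}

# Constructed account name, for illustration only:
# Set-PwdLastSetState -Identity 'jdoe' -State Current -WhatIf
```

Writing 0 then -1 restarts the account's password age from the current time without the password itself changing, so it is worth auditing where provisioning policies do this.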
