on 10-30-2014 4:35 PM
Hi all,
After creating my user in the AD through a file ( ) and giving them a default password, I am not able to set the checkbox "User must change password at next logon" so the user will change his password at the first connection:
I set:
pwdLastSet = 0
useraccountcontrol=512
Result: user creation failed
pwdLastSet = 0
useraccountcontrol=544
Result: user creation success but without the checkbox: "User must change password at next logon"
Any idea?
Linda
The link that Tero posted shows that "password expired" flag is 8388608, so I'd try 512+8388608 on a testuser and see what that does.
Update:
Found this SelfADSI : Attributes for AD Users - userAccountControl through google which states that:
UF_PASSWORD_EXPIRED ( 8388608 )
Caution: This bit does not work as expected!
Normally, this user account control bit is supposed to indicate that the user's password is expired. However, it is not set by the system when the password actually expires, nor can you force the user to change his password at the next logon by setting this bit.
If you really want to know whether the password of an account has expired or not, you can examine the attribute msDS-User-Account-Control-Computed, this is in contrast to the userAccountControl a good indicator for password expiration in the UF_LOCKOUT bit. However, this is a constructed attribute so that it cannot be used as a filter criterion in LDAP search operations.
If you want to force expiration of a password, just set user attribute pwdLastSet to -1.
So, try setting pwdLastSet=-1 on a testuser and see what happens 🙂
Br,
Per Krabsetsve
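Added example, not part of the thread or any poster's code: a decoder for the userAccountControl values discussed above (512, 544, 512+8388608), which also reads pwdLastSet as it is returned by the directory. The flag table is a subset of Microsoft's documented bits; the function names, the `RISKY` policy set and the sample entries are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Subset of the documented userAccountControl bits.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}
# Assumed audit policy: bits that deserve a finding on a newly provisioned user.
RISKY = {"PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD", "DONT_REQ_PREAUTH"}


def decode_uac(value):
    """Return (known flag names in bit order, leftover bits not in the table)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names, unknown


def describe_pwd_last_set(raw):
    """Interpret pwdLastSet as read: 0, or 100 ns ticks since 1601-01-01 UTC."""
    if raw == 0:
        return "must change password at next logon"
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return (epoch + timedelta(microseconds=raw // 10)).isoformat()


def audit(entry):
    """Decode one entry (attribute values as strings) and list risky bits."""
    names, unknown = decode_uac(int(entry["userAccountControl"]))
    findings = sorted(RISKY.intersection(names))
    if unknown:
        findings.append(f"unrecognised bits 0x{unknown:x}")
    return {"flags": names, "findings": findings,
            "pwdLastSet": describe_pwd_last_set(int(entry["pwdLastSet"]))}


# Constructed sample entries using the values from the thread.
SAMPLES = [
    {"cn": "test1", "userAccountControl": "512", "pwdLastSet": "0"},
    {"cn": "test2", "userAccountControl": "544", "pwdLastSet": "0"},
    {"cn": "test3", "userAccountControl": str(512 + 8388608), "pwdLastSet": "0"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["cn"], audit(sample))
```

The decode shows that 544 is NORMAL_ACCOUNT plus PASSWD_NOTREQD (32), so accounts provisioned with that value are worth reviewing after the import.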
Thanks to all for your help.
Linda