'Change Pwd Next Logon' and 'Pwd never Expires' ?

  • Thread starter Thread starter Schmidtmayer Marc
  • Start date Start date
S

Schmidtmayer Marc

Hi all,

I've an application that creates users.
But I've got a question.

I can set the 'Change Pwd at Next Logon'.
This is what I do .. and it works ;-) :
usr.pwdLastSet = -1

BUT !!!
Whenever I set the setting 'Pwd Never Expires' ... the 'Change Pwd at
Next Logon' is GONE !!! Only the 'Pwd Never Expires' setting is set.
This my script :
usr.userAccountControl = ADS_UF_NORMAL_ACCOUNT +
ADS_UF_DONT_EXPIRE_PASSWD
usr.pwdLastSet = -1

So, After this code the 'Change Pwd at Next Logon' is NOT set !
Why ?
Can't they be set togother ??

Thanks for any help !
Marc.
 
This action is by design.

This is also the same reaction you will get within the GUI if you attempt
to set both of these properties. The error message you get if you attempt
this is: You have selected 'Password never expires'. The user will not be
required to change the password at next logon. Within the GUI it will
automatically deselect the "User must change password at next logon"
checkbox.

Best regards,

Gregory Robb [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
 
Marc,

To clarify this a bit more.........

The "change password at next logon" check box actually expires the password
by setting pwdLastSet = 0 see
http://msdn.microsoft.com/library/d...i/user_must_change_password_at_next_logon.asp
By setting the "password never expires" flag, this not only sets a specific
value on useraccountcontrol (ADS_UF_DONT_EXPIRE_PASSWD), it also unexpires
the password by setting the pwdlastset to the current time (not very well
documented...i agree)

this is definately by design as Greg indicated.


--
Glenn L

CCNA, MCSE (2000,2003) + Security
Greg Robb said:
This action is by design.

This is also the same reaction you will get within the GUI if you attempt
to set both of these properties. The error message you get if you attempt
this is: You have selected 'Password never expires'. The user will not be
required to change the password at next logon. Within the GUI it will
automatically deselect the "User must change password at next logon"
checkbox.

Best regards,

Gregory Robb [MSFT]

This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
From: (e-mail address removed) (Schmidtmayer Marc)
Newsgroups: microsoft.public.win2000.active_directory
Subject: 'Change Pwd Next Logon' and 'Pwd never Expires' ?
Date: 25 Nov 2004 22:38:56 -0800
Organization: http://groups.google.com
Lines: 23
Message-ID: <[email protected]>
NNTP-Posting-Host: 195.234.145.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1101451137 28482 127.0.0.1 (26 Nov 2004 06:38:57 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Fri, 26 Nov 2004 06:38:57 +0000 (UTC)
Path: cpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!new
sfeed1.ip.tiscali.net!news.glorb.com!postnews.google.com!not-for-mail
Xref: cpmsftngxa10.phx.gbl
microsoft.public.win2000.active_directory:94529
X-Tomcat-NG: microsoft.public.win2000.active_directory

Hi all,

I've an application that creates users.
But I've got a question.

I can set the 'Change Pwd at Next Logon'.
This is what I do .. and it works ;-) :
usr.pwdLastSet = -1

BUT !!!
Whenever I set the setting 'Pwd Never Expires' ... the 'Change Pwd at
Next Logon' is GONE !!! Only the 'Pwd Never Expires' setting is set.
This my script :
usr.userAccountControl = ADS_UF_NORMAL_ACCOUNT +
ADS_UF_DONT_EXPIRE_PASSWD
usr.pwdLastSet = -1

So, After this code the 'Change Pwd at Next Logon' is NOT set !
Why ?
Can't they be set togother ??

Thanks for any help !
Marc.
Click to expand...
Click to expand...
 
Back
Top