Preventing a User’s Password from Expiring

Posted: January 14, 2010 in Active Directory, Networking, Server, System Information
Tags: , ,


Problem

You want to prevent a user’s password from expiring.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.
  2. In the left pane, right-click on the domain and select Find.
  3. Select the appropriate domain beside In.
  4. Beside Name, type the name of the user you want to modify and click Find Now.
  5. In the Search Results window, double-click on the user.
  6. Click the Account tab.
  7. Under Account options, check the box beside “Password never expires.”
  8. Click OK.

Using a command-line interface

> dsmod user “<UserDN>” -pwdneverexpires yes

Using VBScript

‘ This code sets a

users password to never expire

‘ —— SCRIPT CONFIGURATION ——

strUserDN = “<UserDN>” ‘ e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com

‘ —— END CONFIGURATION ——–

intBit = 65536

strAttr = “userAccountControl”

set objUser = GetObject(“LDAP://” & strUserDN)

intBitsOrig = objUser.Get(strAttr)

intBitsCalc = CalcBit(intBitsOrig, intBit, TRUE)

if intBitsOrig <> intBitsCalc then

objUser.Put strAttr, intBitsCalc

objUser.SetInfo

WScript.Echo “Changed ” & strAttr & ” from ” & _

intBitsOrig & ” to ” & intBitsCalc

else

WScript.Echo “Did not need to change ” & strAttr & ” (” & _

intBitsOrig & “)”

end if

Discussion

Setting a user’s password to never expire overrides any password aging policy you’ve defined in the domain. To disable password expiration, you need to set the bit equivalent of 65536 (i.e., 10000000000000000) in the userAccountControl attribute of the target user.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s