![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n \n
Hey, Scripting Guy! How can I configure an Active Directory user account so that the account password never expires? Hey, BB. Before we start we have a question for you<\/I>: wouldn\u2019t you agree that Catch-22<\/I> is one of the four greatest novels ever written? We ask that because, in his English class, the Scripting Son was recently asked to select, and read, a book from a list provided by the teacher. \u201cHey, Scripting Dad,\u201d he said. \u201cHave you read any of these books? Are any of them any good?\u201d<\/P>\n \u201cGood heavens, Scripting Son!\u201d replied the Scripting Dad. \u201cCatch-22<\/I> is on the list! Catch-22<\/I> is one of the four greatest novels ever written. Everyone<\/I> knows that.\u201d<\/P>\n \u201cOK, I guess I\u2019ll read that one,\u201d replied the Scripting Son.<\/P>\n Of course, ever since then the Scripting Dad has had to listen to an unending litany of complaints:<\/P>\n
— BB<\/P>![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \n
| \u2022<\/TD>\n | \n \u201cThis book is weird.\u201d<\/P><\/TD><\/TR>\n | ||||
| \u2022<\/TD>\n | \n \u201cThis book doesn\u2019t make any sense.\u201d<\/P><\/TD><\/TR>\n | ||||
| \u2022<\/TD>\n | \n \u201cI thought you said this was a good<\/I> book.\u201d<\/P><\/TD><\/TR>\n \u201cThis is all your fault.\u201d<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n Note<\/B>. Actually that last one has nothing to do with Catch-22<\/I>. That\u2019s just a standard complaint the Scripting Dad hears every day.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n In order to fight fire with fire, the Scripting Dad is looking for people who agree with him that Catch-22<\/I> is one of the four greatest novels ever written. Can he count on your support, BB? OK, what if he sweetens the deal by giving you a script that can configure an Active Directory user account so that the account password never expires:<\/P> Set objUser = GetObject(“LDAP:\/\/cn=Ken Myer, ou=Finance, dc=fabrikam, dc=com”)<\/p>\n intUserAccountControl = objUser.Get(“userAccountControl”)<\/p>\n If Not objUser.userAccountControl AND ADS_UF_DONT_EXPIRE_PASSWD Then\n objUser.Put “userAccountControl”, _\n objUser.userAccountControl XOR ADS_UF_DONT_EXPIRE_PASSWD\n objUser.SetInfo\nEnd If\n<\/PRE>\n What do you mean, \u201cThat\u2019s still not good enough\u201d? Wow; you\u2019re a tough negotiator, BB. OK, how about this: how about we explain how this script works? Deal? Deal.<\/P>\n As you can see, the script starts out by defining a constant named ADS_UF_DONT_EXPIRE_PASSWD and assigning this constant the hexadecimal value &h10000. We\u2019ll need this constant when we reconfigure the account so that its password never expires.<\/P>\n After defining the constant we connect to the Ken Myer user account in Active Directory. Because Ken has a CN equal to Ken Myer<\/I> and because his account is in the Finance OU of Fabrikam.com the code required to connect to that account looks like this:<\/P> Now it starts to get a little weird (but just a little). As it turns out, the Active Directory property that determines whether or not a password expires is contained within the userAccountControl<\/B> property. The userAccountControl property is a \u201cbitmask\u201d property: that means it\u2019s a single property that contains multiple values. Is that important? You bet it is: because userAccountControl contains multiple values we can\u2019t simply set it to, say, True or False. Instead, we need to use \u201cbitwise logic\u201d to toggle the particular property that controls password expiration. That\u2019s just a heads-up to explain why some of the code you\u2019re about to see will look a little unusual, to say the least.<\/P>\n |