{"id":69453,"date":"2005-07-06T20:54:00","date_gmt":"2005-07-06T20:54:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2005\/07\/06\/how-can-i-cause-a-users-password-to-expire\/"},"modified":"2005-07-06T20:54:00","modified_gmt":"2005-07-06T20:54:00","slug":"how-can-i-cause-a-users-password-to-expire","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-cause-a-users-password-to-expire\/","title":{"rendered":"How Can I Cause a User\u2019s Password to Expire?"},"content":{"rendered":"<p><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\"> \n<P>Hey, Scripting Guy! How can I cause a user\u2019s password to expire?<BR><BR>&#8212; GB<\/P><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\"> \n<P>Hey, GB. You know, one thing people dislike about politicians is that any time you ask them a question many politicians will give you an answer to a <I>different<\/I> question. 
Even worse, if you press them on that point they\u2019ll tell you that there\u2019s a good reason why they did that: after all, it\u2019s for your own good.<\/P>\n<P>What does that have to do with the <I>Hey, Scripting Guy!<\/I> column? Well, instead of answering the question you asked, we\u2019re going to answer a different question. But don\u2019t worry: it\u2019s for your own good.<\/P>\n<P>So why <I>is<\/I> this for your own good? Well, we\u2019re assuming there\u2019s only one reason why you\u2019d want to expire a user\u2019s password: you want the user to have to change that password the next time they log on. You wouldn\u2019t expire a password in order to prevent a user from logging on; if you don\u2019t want a user logging on then you should disable or delete the user account. We want to force a user to change their password the next time they log on, and there\u2019s an easier way to do that than by changing the password expiration date. All you have to do is run this little script instead:<\/P><PRE class=\"codeSample\">' Bind to the user account in Active Directory\nSet objUser = GetObject(&quot;LDAP:\/\/CN=myerken,OU=Finance,DC=Fabrikam,DC=com&quot;)\n\n' Set pwdLastSet to 0 and write the change back to Active Directory\nobjUser.pwdLastSet = 0\nobjUser.SetInfo\n<\/PRE>\n<P>That\u2019s right: there really <I>isn\u2019t<\/I> much to it, is there? We begin by binding to the user account in Active Directory; that\u2019s what this line of code is for:<\/P><PRE class=\"codeSample\">Set objUser = GetObject(&quot;LDAP:\/\/CN=myerken,OU=Finance,DC=Fabrikam,DC=com&quot;)\n<\/PRE>\n<P>Having done that, we then set the value of the <B>pwdLastSet<\/B> attribute to 0. pwdLastSet is an attribute that stores the date and time that the password for a given account was last set. If pwdLastSet is equal to 0 the user will have no choice but to change their password the next time they log on. 
In other words, without having to mess around with dates and times we\u2019ve essentially \u201cexpired\u201d their password: their current password will have to be changed the next time they log on. We set pwdLastSet to 0, then call the <B>SetInfo<\/B> method to write the change back to Active Directory.<\/P>\n<P>Incidentally, you can do the same sort of thing with local user accounts using a script like this:<\/P><PRE class=\"codeSample\">' Bind to the local user account through the WinNT provider\nstrComputer = &quot;atl-win2k-01&quot;\nSet objUser = GetObject(&quot;WinNT:\/\/&quot; &amp; strComputer &amp; &quot;\/kenmyer&quot;)\n\n' Flag the password as expired and save the change\nobjUser.PasswordExpired = 1\nobjUser.SetInfo\n<\/PRE>\n<P>In this script, we bind to the Ken Myer account on the computer atl-win2k-01 and then set the value of the <B>PasswordExpired<\/B> attribute to 1. We call the SetInfo method and, voil\u00e0: the next time Ken Myer logs on to this computer he\u2019ll have to change his password.<\/P>\n<P>So there you have it: we answered <I>a<\/I> question, even though it might not have been the exact question we were asked. Hopefully this will help: the last time we tried giving answers that didn\u2019t match the questions was on our SAT test. That one didn\u2019t work out too well.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hey, Scripting Guy! How can I cause a user\u2019s password to expire?&#8212; GB Hey, GB. You know, one thing people dislike about politicians is that any time you ask them a question many politicians will give you an answer to a different question. 
Even worse, if you press them on that point they\u2019ll tell you [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,20,5],"class_list":["post-69453","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"<p>Hey, Scripting Guy! How can I cause a user\u2019s password to expire?&#8212; GB Hey, GB. You know, one thing people dislike about politicians is that any time you ask them a question many politicians will give you an answer to a different question. Even worse, if you press them on that point they\u2019ll tell you [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/69453","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=69453"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/69453\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=69453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=69453"},{"taxonomy":"post_tag","embeddable":
true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=69453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}