Change password expiration date in Active Directory

Posted 2019-07-03 22:07

I'm trying to change the password expiration date for a user in Active Directory using VBScript. I have the code to obtain information about a user's password, but I can't find anything about how to change it. Any help would be greatly appreciated!

Here's my code:

Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objOU = GetObject("LDAP://CN=[username],OU=Users,OU=New York,OU=NA,OU=[domain],DC=[domain],DC=firm")

intCurrentValue = objOU.Get("userAccountControl")

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
  wscript.echo "The password does not expire."
Else
  dtmValue = objOU.PasswordLastChanged 
  Wscript.echo "The password was last changed on " & _
  DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
  "The difference between when the password was last set" & VbCrLf & _
  "and today is " & int(now - dtmValue) & " days"
  intTimeInterval = int(now - dtmValue)

  Set objDomainNT = GetObject("WinNT://ropesgray")
  intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
  If intMaxPwdAge < 0 Then
    WScript.Echo "The Maximum Password Age is set to 0 in the " & _
      "domain. Therefore, the password does not expire."
  Else
    intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
    Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
    If intTimeInterval >= intMaxPwdAge Then
      Wscript.echo "The password has expired."
    Else
      Wscript.echo "The password will expire on " & _
      DateValue(dtmValue + intMaxPwdAge) & " (" & _
      int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
    End If
  End If
End If


'strUserPrincipalName = objOU.Get("userPrincipalName")
'strSAMAccountName = objOU.Get("sAMAccountName")
'strMaxPWAge = objOU.Get("manager")

'WScript.Echo strUserPrincipalName
'WScript.Echo strSAMAccountName
'WScript.Echo strMaxPWAge

1 answer
小情绪 Triste *
Reply #2 · 2019-07-03 23:10

You can use the pwdLastSet attribute to change the password expiration, but perhaps not in the way you want. pwdLastSet is the number of 100-nanosecond intervals since 12:00 am January 1, 1601. According to Microsoft documentation, this attribute accepts only two values: 0 or -1.

Try this:

  1. Set pwdLastSet to 0; this means that the password has never been set.
  2. Then, set pwdLastSet to -1; this means that the password has just been set. So the value that appears in pwdLastSet is the current date/time.

I used to use it in W2K3 and it's still working on W2K8 R2.

You can find there a tool (sorry, in French) that allows you to create a date/time from the number of 100-nanosecond intervals since 12:00 am January 1, 1601.

Be careful: it lengthens the password duration, which is not good for security.

I hope it helps.

JP
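
The two-step reset described in the answer above, written out in VBScript as an added example (not code from the question or the answer). The distinguished name is a placeholder, and FileTimeToDate is a hypothetical helper introduced here to show pwdLastSet as a UTC date before and after the change, so the reset leaves a record:

```vbscript
Option Explicit

' Placeholder DN (assumption): replace with the target user's distinguished name.
Const USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=com"
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Dim objUser, dtmBefore, dtmAfter
Set objUser = GetObject("LDAP://" & USER_DN)

' Accounts flagged "password never expires" are not affected by pwdLastSet.
If objUser.Get("userAccountControl") And ADS_UF_DONT_EXPIRE_PASSWD Then
  WScript.Echo "Password is flagged as never expiring; nothing to reset."
  WScript.Quit 0
End If

' Record the current value first so the change can be audited afterwards.
dtmBefore = FileTimeToDate(objUser.Get("pwdLastSet"))

' Step 1: 0 marks the password as never set (user must change at next logon).
objUser.Put "pwdLastSet", 0
objUser.SetInfo

' Step 2: -1 makes the directory stamp the attribute with the current time.
objUser.Put "pwdLastSet", -1
objUser.SetInfo

' Refresh the local property cache and read the stamped value back.
objUser.GetInfo
dtmAfter = FileTimeToDate(objUser.Get("pwdLastSet"))

WScript.Echo "pwdLastSet before reset (UTC): " & dtmBefore & vbCrLf & _
             "pwdLastSet after reset  (UTC): " & dtmAfter

' Convert an IADsLargeInteger holding 100-nanosecond intervals since
' 12:00 am January 1, 1601 into a VBScript date (UTC).
Function FileTimeToDate(objLargeInt)
  Dim lngHigh, lngLow
  lngHigh = objLargeInt.HighPart
  lngLow = objLargeInt.LowPart
  ' LowPart is a signed 32-bit value; compensate when its top bit is set.
  If lngLow < 0 Then lngHigh = lngHigh + 1
  ' 600000000 intervals per minute, 1440 minutes per day.
  FileTimeToDate = #1/1/1601# + ((lngHigh * 2 ^ 32) + lngLow) / 600000000 / 1440
End Function
```

The new expiry is the "after" date plus the domain's maximum password age, which the script in the question already reads through the WinNT provider.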
