Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
addextender("wwads34i.dll") addextender("wwwnt34i.dll") domain1 = "A" domain2 = "P" ;Admin account to perform AD functions adminln = "cn=Admin,cn=Users,dc=P,dc=com" adminps = "password" ;Number of days before passwords expire passexpire = 90 ;Number of days left before password expires to prompt for change threshold = 100 uname = AskLine("Need input","Please enter the account you are interested in:","") ;Set AD Credentials dsSetCredent(adminln, adminps) ;Check for AD existence ADPath = "LDAP://A.P.COM/ou=Users,ou=X,DC=A,DC=P,DC=com" if !(dsIsObject(ADPath)) goto goodbye endif ;Get path of Users AD account in AD errormode(@off) sAdsiPath = "LDAP://A.P.COM/ou=Users,ou=X,DC=A,DC=P,DC=com" sUser = dsFindPath(sAdsiPath, "(sAMAccountName=%uname%)") errormode(@cancel) lasterr = lasterror() if (lasterr != 0) message("Error","Error #%lasterr% occured while finding the username in AD") goto goodbye endif ;Is User account < X days from expiration errormode(@off) Rlastset = dsGetProperty(sUser, "pwdLastSet") errormode(@cancel) lasterr = lasterror() if (lasterr != 0) message("Error","Error #%lasterr% occured while requesting the password expiration date from AD") goto goodbye endif Rcurrenttime = TimeYmdHms() lastset = strfixchars(Rlastset,"",10) currenttime = strfixchars(Rcurrenttime,"",10) timedif = TimeDiffDays(currenttime,lastset) expire = (passexpire - timedif) ;expire = 5 expiredate = TimeAdd(Rcurrenttime,"0000:00:%expire%:00:00:00") year = ItemExtract(1,expiredate,":") month = ItemExtract(2,expiredate,":") day = ItemExtract(3,expiredate,":") if (expire > threshold) Message("User %uname%'s","Password will expire in %expire% days, on %month%/%day%/%year%.") goto goodbye endif if (expire <= threshold) if (expire > 0) && (expire < threshold) fix = AskYesNo("User %uname%'s","Password will expire in %expire% days, on %month%/%day%/%year%. Do you want to change the expiration date?") endif if (expire <= 0 ) fix = AskYesNo("User %uname%'s","Password has expired. Do you want to change the expiration date?") endif if fix == @NO goto goodbye endif if fix == @YES list = StrCat("15",@tab,"30",@tab,"45",@tab,"90") A = AskItemList("Select the number of days to extend the current password", list, @tab, @sorted, @single) addtime = "0000:00:%A%:00:00:00" newdate = TimeAdd(expiredate,addtime) ;This line will change AD pwdLastSet variable to new value dsSetProperty(sUser, "pwdLastSet", newdate) newdate2 = strfixchars(newdate,"",10) year = ItemExtract(1,newdate2,":") month = ItemExtract(2,newdate2,":") day = ItemExtract(3,newdate2,":") Message("Password extended!","%uname%'s password will now expire on %month%/%day%/%year%.") endif :goodbye exit
The documentation for that property states:
To force a user to change their password at next logon, set the pwdLastSet attribute to zero (0). To remove this requirement, set the pwdLastSet attribute to -1. The pwdLastSet attribute cannnot be set to any other value except by the system.http://msdn.microsoft.com/library/en-us/adsi/adsi/user_must_change_password_at_next_logon.asp?frame=true
Article ID: W16311
File Created: 2005:02:18:12:19:46
Last Updated: 2005:02:18:12:19:46