In a development environment I want to modify the 'password last set' date of my AD accounts so they won't begin to expire during development phase, but as soon as the environment becomes a production environment.
How can I change that date?
Asked
Active
Viewed 2,178 times
2 Answers
1
You cannot set it to an arbitrary value, but you can set it to the current date via the following steps:
Get the account:
$user = Get-ADUser -Identity $UserName -Properties pwdLastSetSet the value to 0:
$user.pwdLastSet = 0 Set-ADUser -Instance $userSet the value to -1:
$user.pwdLastSet = -1 Set-ADUser -Instance $user
After that, the account behaves as if the password has just been changed.
Semicolon contributed through the comments, that you can also achieve the above through:
Set-ADUser -Identity $UserName -ChangePasswordAtLogon $true | Set-ADUser -ChangePasswordAtLogon $false
FYI, you can apply the same logic to local accounts:
net user $UserName /LOGONPASSWORDCHG:YES
net user $UserName /LOGONPASSWORDCHG:NO
stackprotector
- 596
- 1
- 8
- 27
-
ChangePasswordAtLogon variant not working. After that account password became expired. – DuhVir Apr 10 '23 at 07:31
0
All you need to do to reset the pasword clock is open ADusers and computers find the user/users in question (you can do a bulk change by highlighting several users) On the account tab - tick the change at next login and click apply and then untick the same box and apply again
that will reset the password last set to the time and date you applied it
hope that helps
Liam
- 1