Active Directory: Reset Password Expiration Date

Today, I had a user call our Help Desk because he was out in the field and his password had expired on his Active Directory user account. We do not have a method for them to reset it from off-site (yet). So I needed to extend the expiration date on his password so he could use it until he returns to the office.

SOLUTION

The best solution I could find was to set the pwdLastSet attribute on his Active Directory account to today’s date.  I found the original solution here.

To do this:

1)  From Active Directory Users & Computers, ensure Advanced Features are enabled on the View menu

2)  Navigate to the Users account.  You should find an Attribute Editor tab.

3)  Scroll to the pwdLastSet field.  Modify it by entering 0 (zero) in the value field.  Click OK.  This sets the value to (Never) as in the password has never been set.  Click OK on the User Account Properties box.

4)  Open the User’s Account Properties again.  Go back to the Attribute Editor tab.  Scroll to pwdLastSet and modify it with a value of -1.  Click OK twice.

5)  When you view the pwdLastSet value, it will now indicate today’s date.

While this is not the best solution because it extends the password expiration from today’s date based on your Domain Password Policy instead of just setting it to expire in a few days time.

About these ads
This entry was posted in Active Directory and tagged , . Bookmark the permalink.

6 Responses to Active Directory: Reset Password Expiration Date

  1. Schorsch says:

    Thanks! That was what I needed just now :-)

  2. Juan says:

    Impresionante. Muchas gracias.

  3. Jason says:

    Trying to test this… I removed “Password Never Expires” then in the attribute editor changed PwdLastSet to -1 and it shows a value of (never). When I close it and reopen it defaults back to the last timestamp…

    • Brian says:

      Did you click on okay until the User Properties box was closed after first setting the value to 0? If I recall correctly, setting it to zero then one in the same User Properties dialog session will not allow the changes to be kept.

  4. Jason says:

    I think I figured out the problem. The “Must Change at Next Logon” flag must be on for this to work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s