Today, I had a user call our Help Desk because he was out in the field and his password had expired on his Active Directory user account. We do not have a method for them to reset it from off-site (yet). So I needed to extend the expiration date on his password so he could use it until he returns to the office.
The best solution I could find was to set the pwdLastSet attribute on his Active Directory account to today’s date. I found the original solution here.
To do this:
1) From Active Directory Users & Computers, ensure Advanced Features are enabled on the View menu
2) Navigate to the Users account. You should find an Attribute Editor tab.
3) Scroll to the pwdLastSet field. Modify it by entering 0 (zero) in the value field. Click OK. This sets the value to (Never) as in the password has never been set. Click OK on the User Account Properties box.
4) Open the User’s Account Properties again. Go back to the Attribute Editor tab. Scroll to pwdLastSet and modify it with a value of -1. Click OK twice.
5) When you view the pwdLastSet value, it will now indicate today’s date.
While this is not the best solution because it extends the password expiration from today’s date based on your Domain Password Policy instead of just setting it to expire in a few days time.