Hi,

Is there a way in Active Directory to force a password to expire on a 
certain day?

Thanks in advance,
JeffH

Howdie!

Am 29.03.2010 21:09, schrieb JeffH:
> Is there a way in Active Directory to force a password to expire on a
> certain day?

Take the date you want the account to expire on and substract the max 
password age from that date. You'll get the data when the passwords 
needs to be set last -- that's the date you'll need to set pwdLastSet 
attribute for that user. Since pwdLastSet has a weird format, you'll 
need to convert the date into pwdLastSet's format 
(http://msdn.microsoft.com/en-us/library/ms724284(VS.85).aspx) It's a 
little tricky.

Cheers,
Florian

Howdie!

Am 29.03.2010 21:09, schrieb JeffH:
> Is there a way in Active Directory to force a password to expire on a
> certain day?

Other than that, I was thinking if you really need the password to 
expire on that date, if you could - more easily - have the account 
expire on that date? That's exposed in the UI and easy to set and re-set 
if you came to still need it after day-x (if you don't want to have the 
user choose on that and have more control on it yourself).

Cheers,
Florian

"JeffH" <JeffH@discussions.microsoft.com> wrote in message 
news:BB69ADA4-4AD3-4103-AC37-DF60724C530C@microsoft.com...
> Hi,
>
> Is there a way in Active Directory to force a password to expire on a
> certain day?
>
> Thanks in advance,
> JeffH

Active Directory has no provision for this. However, you can immediately 
expire the password by assigning 0 to the pwdLastSet attribute (assuming the 
password can expire). On the day you want the password to expire, run a 
utility or script that makes pwdLastSet 0.

-- 
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--