In a development environment I want to modify the 'password last set' date of my AD accounts so they won't begin to expire during development phase, but as soon as the environment becomes a production environment.
How can I change that date?
In a development environment I want to modify the 'password last set' date of my AD accounts so they won't begin to expire during development phase, but as soon as the environment becomes a production environment.
How can I change that date?
You cannot set it to an arbitrary value, but you can set it to the current date via the following steps:
Get the account:
$user = Get-ADUser -Identity $UserName -Properties pwdLastSet
Set the value to 0:
$user.pwdLastSet = 0
Set-ADUser -Instance $user
Set the value to -1:
$user.pwdLastSet = -1
Set-ADUser -Instance $user
After that, the account behaves as if the password has just been changed.
Semicolon contributed through the comments, that you can also achieve the above through:
Set-ADUser -Identity $UserName -ChangePasswordAtLogon $true | Set-ADUser -ChangePasswordAtLogon $false
FYI, you can apply the same logic to local accounts:
net user $UserName /LOGONPASSWORDCHG:YES
net user $UserName /LOGONPASSWORDCHG:NO