
In a development environment, I want to modify the 'password last set' date of my AD accounts so they won't begin to expire during the development phase, but as soon as the environment becomes a production environment.

How can I change that date?

stackprotector

1 Answer


You cannot set it to an arbitrary value, but you can set it to the current date via the following steps:

  1. Get the account:

    $user = Get-ADUser -Identity $UserName -Properties pwdLastSet
    
  2. Set the value to 0:

    $user.pwdLastSet = 0
    Set-ADUser -Instance $user
    
  3. Set the value to -1:

    $user.pwdLastSet = -1
    Set-ADUser -Instance $user
    

After that, the account behaves as if the password has just been changed.


Semicolon contributed through the comments that you can also achieve the above through:

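    # -PassThru is required; without it Set-ADUser emits nothing to pipe into the second call
    Set-ADUser -Identity $UserName -ChangePasswordAtLogon $true -PassThru | Set-ADUser -ChangePasswordAtLogon $false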

FYI, you can apply the same logic to local accounts:

    net user $UserName /LOGONPASSWORDCHG:YES
    net user $UserName /LOGONPASSWORDCHG:NO
stackprotector
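The 0-then-minus-1 steps from the answer above, applied to every enabled account under one OU with `-WhatIf` support and a before/after report. This is an added example, not part of the original answer; the function name `Reset-DevPwdLastSet` and the OU distinguished name are hypothetical, and it writes the attribute with `Set-ADUser -Replace` instead of the answer's `-Instance` form.

```powershell
#Requires -Modules ActiveDirectory

function Reset-DevPwdLastSet {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Distinguished name of the development OU (assumption: yours will differ).
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
        -Properties pwdLastSet, PasswordNeverExpires

    foreach ($u in $users) {
        # Accounts flagged "password never expires" do not age, so leave them alone.
        if ($u.PasswordNeverExpires) { continue }

        # pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC); 0 means "must change".
        $before = [DateTime]::FromFileTimeUtc($u.pwdLastSet)

        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Reset pwdLastSet to now')) {
            # 0 and -1 are the only values the directory accepts here.
            # If the second write fails, the account stays in the "must change
            # password at next logon" state, so stop on the first error.
            Set-ADUser -Identity $u -Replace @{ pwdLastSet = 0 }  -ErrorAction Stop
            Set-ADUser -Identity $u -Replace @{ pwdLastSet = -1 } -ErrorAction Stop

            $after = (Get-ADUser -Identity $u -Properties pwdLastSet).pwdLastSet
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Before         = $before
                After          = [DateTime]::FromFileTimeUtc($after)
            }
        }
    }
}

# Dry run first: lists the accounts that would be touched without changing them.
Reset-DevPwdLastSet -SearchBase 'OU=DevUsers,DC=dev,DC=example,DC=test' -WhatIf
```

Drop `-WhatIf` to apply the change; the returned objects show each account's old and new timestamp in UTC.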