Changing PWDLASTSET in Active Directory

Changing PWDLASTSET in Active Directory

There are times when you need to make a password policy change that could affect your users, for example let’s say your password policy is currently s

Testing SSL and TLS with PowerShell
Moving files up a folder level
Removing an installed Windows Update

There are times when you need to make a password policy change that could affect your users, for example let’s say your password policy is currently set to 90 days to expiration, however you need to implement a new policy that is 60 days to expiration. You could have some users that are already past 60 days and implementing the new policy could immediately expire their account.

This script will enable you to set user account PWDLASTSET to today’s date, effective setting them all back to zero days. You should run this on your domain controller where the user accounts reside:

$users = “user1″,”user2″,”user3″,”user4”
Foreach ($username in $users){
$user = Get-ADUser -identity $username -properties pwdlastset
#Before Changed
[datetime]::FromFileTime($user.pwdlastset)
$user.pwdlastset =0
set-aduser -Instance $user
$user.pwdlastset = -1
set-aduser -Instance $user
$user = Get-ADUser -identity $username -properties pwdlastset
#After Changed
[datetime]::FromFileTime($user.pwdlastset)
}

COMMENTS

WORDPRESS: 0