KB ID 0001272
Problem
I was setting up a Cisco ASA this week and needed to enable the ability for users to reset their domain passwords when they are about to expire. To actually test that, I needed a test user that had their password either about to expire, or actually expired. As I didn't want to wait 42 days, or set up a password policy just for one user, I needed to find a ‘quick and dirty’ fix for one user.
Solution
You need to open Active Directory Users and Computers, and you need to have ‘Advanced options’ enabled. Locate your user and open their properties > Attribute Editor > Attributes > pwdLastSet.
If you want to set it to expired, set its value to 0 (zero).
The displayed value should change to <never>, which is not strictly true; it actually changes to 12:00AM January 1st 1601.
Note: If you set its value to -1 and apply the change it resets the attribute to the current day and time (you may need to close and reopen the property dialog to see the change).
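The same change can be wrapped in a small PowerShell helper that also shows what the raw value means. This is an added example, not part of the original article; the function names and the account name in the usage line are hypothetical. It assumes the ActiveDirectory (RSAT) module and calculates expiry from the default domain policy only, ignoring fine-grained password policies.

```powershell
# Added example: helper names are hypothetical. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertFrom-PwdLastSet {
    # pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 00:00 UTC.
    param([Parameter(Mandatory)][long]$Value)
    if ($Value -eq 0) { return $null }   # 0 = user must change password at next logon
    [DateTime]::FromFileTimeUtc($Value)
}

function Get-PasswordAgeState {
    param([Parameter(Mandatory)][string]$Identity)
    $u = Get-ADUser -Identity $Identity -Properties pwdLastSet, PasswordNeverExpires
    # Assumption: default domain policy applies (fine-grained policies are not checked).
    $maxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge   # TimeSpan; zero = no expiry
    $setOn  = ConvertFrom-PwdLastSet -Value $u.pwdLastSet
    $expires = if ($setOn -and $maxAge -gt [TimeSpan]::Zero -and -not $u.PasswordNeverExpires) {
        $setOn + $maxAge
    }
    [pscustomobject]@{
        SamAccountName     = $u.SamAccountName
        PwdLastSetRaw      = $u.pwdLastSet
        PasswordLastSetUtc = $setOn
        MustChangeNow      = ($u.pwdLastSet -eq 0)
        ExpiresUtc         = $expires
    }
}

function Set-TestPasswordAge {
    # -WhatIf / -Confirm support so a delegated admin sees the change before it is written.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][ValidateSet('Expire', 'Reset')][string]$Action
    )
    # 0 marks the password as expired; -1 stamps pwdLastSet with the current time.
    $value = if ($Action -eq 'Expire') { 0 } else { -1 }
    if ($PSCmdlet.ShouldProcess($Identity, "Set pwdLastSet to $value")) {
        Set-ADUser -Identity $Identity -Replace @{ pwdLastSet = $value }
        Get-PasswordAgeState -Identity $Identity   # show the resulting state
    }
}

# Usage (constructed account name):
# Set-TestPasswordAge -Identity 'test.user' -Action Expire -WhatIf
```

The `Reset` action restarts the password-age clock without the password itself changing, so keep this helper to test accounts.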
Does any PowerShell script exist to do this, or an easy tool which we could give to low-level admins?
I’ve not done it, but experiment with Get-ADUser -Identity {username} -PasswordLastSet and Set-ADUser
P
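# Mark the password as expired (user must change it at next logon)
$User = Get-ADUser username -Properties pwdLastSet
$User.pwdLastSet = 0
Set-ADUser -Instance $User
# Reset pwdLastSet to the current date and time
$User.pwdLastSet = -1
Set-ADUser -Instance $User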
Thank you, that worked like a charm!
+ there is:
$User = "YourSAMAccount"
Set-ADUser -Identity $User -Replace @{pwdlastset="0"}
Set-ADUser -Identity $User -Replace @{pwdlastset="-1"}