Active Directory Extend Password Expiry

So what happens if you you’re administering active directory in an enterprise environment and someone’s password expires, but they can’t get to a terminal to change it?


Ok, first of all, sorry to NixieGuy for this not being a potato post.  I promise something epic shortly.

For the active directory problem, you should read the manual again and find the best practices for this problem because I guarantee you it has been covered.  But failing all that, the other option is to open a powershell and use the following script.  You can’t specify what date you want it to expire but it should renew it for another period of whatever you have your default expiry for the domain set to:

$users = “bloogsj” # throw in user names here to bounce their password expiry.

foreach ($user in $users)
Get-ADUser $user | Set-ADAccountControl -PasswordNeverExpires $false
$TargetUser = Get-ADUser -Filter {sAMAccountName -eq $user}
$uObj = [ADSI]”LDAP://$TargetUser”
$uObj.put(“pwdLastSet”, 0)
$uObj.put(“pwdLastSet”, -1)



2 comments on “Active Directory Extend Password ExpiryAdd yours →

    1. Haha, ok I promise ‘a’ post today then. It was too late to fire up the angle grinder last night. Yes, the potato post required an angle grinder. This will be a less than epic post though because I killed some of the hardware I intended for the potato.

Leave a Reply

Your email address will not be published. Required fields are marked *