Account Expire and Password does not expire

Account Expire and Password does not expire

Post by Sam Doyl » Sat, 03 May 2003 01:17:10



Hello,
I am trying to programmatically create a some users whose accounts DO expire
but whose passwords DO NOT expire.

Here is the code:

option explicit
Dim intCustNum, strCustID, objParent, objUser, StrParent, strCN,
strPassword, strUPN, strSAMName, strScriptPath, strProfilePath,
strDescription, strAccountExpireDate
intCustNum = 123
strCustID = "test"

strParent = "OU=" & strCustID & ",OU=clients,DC=domain,DC=com"
strCN = "CN=123test3"
strSAMName = "123test3"

strPassword = "password"
strScriptPath = "000.bat"
strProfilePath = "\\server\mn000testsch\%username%"
strDescription = "Test User"
strAccountExpireDate = Date + 31
Set objParent = GetObject("LDAP://" & strParent)
Set objUser = objParent.Create("user", strCN)

'  Populate user object
objUser.Put "sAMAccountName", strSAMName
objUser.Put "userPrincipalName", strUPN
objUser.Put "ScriptPath", strScriptPath
objUser.Put "ProfilePath", strProfilePath
objUser.Put "description", strDescription
objUser.SetInfo

' Set password on user object
objUser.SetPassword strPassword
objUser.AccountDisabled = False
objUser.SetInfo

This all works fine so far, but I want to set the account expire date this
user and check the password never expires check box.
To set the account expiration date I tried:

'  Populate user object
...
objUser.Put "accountExpires", strAccountExpireDate

But that returns an "unspecified error"

And for the password does not expire checkbox I havn't been able to figure
out what to "put" to set this.

All suggestions graciously accepted....

Thanks,

--

Sam Doyle
remove MY SHOES to reply

 
 
 

Account Expire and Password does not expire

Post by <askme> » Sat, 03 May 2003 02:18:27


'set user cannot change password
Flags = User.Get("UserFlags")
User.Put "UserFlags", Flags OR &H00040
User.SetInfo

'set user password never expires
Flags = User.Get("UserFlags")
User.Put "UserFlags", Flags OR &H10000
User.SetInfo

Password never expires, user cannot change password, and a few others are
flags that need to be set.

> Hello,
> I am trying to programmatically create a some users whose accounts DO
expire
> but whose passwords DO NOT expire.

> Here is the code:

> option explicit
> Dim intCustNum, strCustID, objParent, objUser, StrParent, strCN,
> strPassword, strUPN, strSAMName, strScriptPath, strProfilePath,
> strDescription, strAccountExpireDate
> intCustNum = 123
> strCustID = "test"

> strParent = "OU=" & strCustID & ",OU=clients,DC=domain,DC=com"
> strCN = "CN=123test3"
> strSAMName = "123test3"

> strPassword = "password"
> strScriptPath = "000.bat"
> strProfilePath = "\\server\mn000testsch\%username%"
> strDescription = "Test User"
> strAccountExpireDate = Date + 31
> Set objParent = GetObject("LDAP://" & strParent)
> Set objUser = objParent.Create("user", strCN)

> '  Populate user object
> objUser.Put "sAMAccountName", strSAMName
> objUser.Put "userPrincipalName", strUPN
> objUser.Put "ScriptPath", strScriptPath
> objUser.Put "ProfilePath", strProfilePath
> objUser.Put "description", strDescription
> objUser.SetInfo

> ' Set password on user object
> objUser.SetPassword strPassword
> objUser.AccountDisabled = False
> objUser.SetInfo

> This all works fine so far, but I want to set the account expire date this
> user and check the password never expires check box.
> To set the account expiration date I tried:

> '  Populate user object
> ...
> objUser.Put "accountExpires", strAccountExpireDate

> But that returns an "unspecified error"

> And for the password does not expire checkbox I havn't been able to figure
> out what to "put" to set this.

> All suggestions graciously accepted....

> Thanks,

> --

> Sam Doyle
> remove MY SHOES to reply


 
 
 

Account Expire and Password does not expire

Post by Mark Oluper [MSFT » Sat, 03 May 2003 02:50:40


The following script excerpt will set the accountExpires value and the
'password never expires' option. Note that there are other flags set in the
userAccountControl attribute and therefore you must retrieve the value
first, add the new flag and then set the new value.

Const ADS_UF_DONT_EXPIRE_PASSWD = &H0010000

objUser.AccountExpirationDate = #06/30/2003#

lngUserAccountControl = objUser.Get("userAccountControl")
lngUserAccountControl = lngUserAccountControl + ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userAccountControl", lngUserAccountControl

objUser.SetInfo

--
Mark Oluper
Directory Services

This posting is provided "AS IS" with no warranties, and confers no rights.


> Hello,
> I am trying to programmatically create a some users whose accounts DO
expire
> but whose passwords DO NOT expire.

> Here is the code:

> option explicit
> Dim intCustNum, strCustID, objParent, objUser, StrParent, strCN,
> strPassword, strUPN, strSAMName, strScriptPath, strProfilePath,
> strDescription, strAccountExpireDate
> intCustNum = 123
> strCustID = "test"

> strParent = "OU=" & strCustID & ",OU=clients,DC=domain,DC=com"
> strCN = "CN=123test3"
> strSAMName = "123test3"

> strPassword = "password"
> strScriptPath = "000.bat"
> strProfilePath = "\\server\mn000testsch\%username%"
> strDescription = "Test User"
> strAccountExpireDate = Date + 31
> Set objParent = GetObject("LDAP://" & strParent)
> Set objUser = objParent.Create("user", strCN)

> '  Populate user object
> objUser.Put "sAMAccountName", strSAMName
> objUser.Put "userPrincipalName", strUPN
> objUser.Put "ScriptPath", strScriptPath
> objUser.Put "ProfilePath", strProfilePath
> objUser.Put "description", strDescription
> objUser.SetInfo

> ' Set password on user object
> objUser.SetPassword strPassword
> objUser.AccountDisabled = False
> objUser.SetInfo

> This all works fine so far, but I want to set the account expire date this
> user and check the password never expires check box.
> To set the account expiration date I tried:

> '  Populate user object
> ...
> objUser.Put "accountExpires", strAccountExpireDate

> But that returns an "unspecified error"

> And for the password does not expire checkbox I havn't been able to figure
> out what to "put" to set this.

> All suggestions graciously accepted....

> Thanks,

> --

> Sam Doyle
> remove MY SHOES to reply

 
 
 

1. Can User Account Password be set to expire on a date?

Hi,

In principle I think it could be done, but it would be a
challenge.

The domain has one Maximum Password Age policy that
applies to all users (except those whose password does not
expire, or those that cannot change their password). Each
user object has a PwdLastSet attribute, representing the
date and time the password was last set. In principle,
PwdLastSet + MaxPwdAge equals the date the password
expires.

Challenge 1 is that PwdLastSet is not a replicated
attribute, so you have to query every domain controller in
the domain for the max value. Challenge 2 is that while
MaxPwdAge is in days, PwdLastSet is Integer8 (64-bit). I
think VB (or C) would be required to set a value.

If the expiration date you desire is sooner than the
current expiration date for the user, you only have to set
a value for PwdLastSet on one domain controller. The value
would be DesiredExpirationDate - MaxPwdAge. It appears
that Domain Administrators can set the value, but I have
not found VBScript code that can set Integer8 values.

Richard

2. All SQA Suite users

3. Cant SET 'user cant change password' AND 'password never expires'

4. Fuzzy tools

5. Your Account at Mail.china.com has expired.

6. pdf to htlm site not workin

7. Guest Account Expired

8. Cayman 3220-H DSL Router 4-sale

9. Win98 can't access NT ws: user account expired???

10. Need Help Please! Expire accounts?

11. Expired accounts?

12. Search For Expired Accounts

13. How to retrieve a list of user accounts that will expire.