Active directory account user setup

Microsoft Windows xp pro with sp3 multil...
May 2, 2011 at 15:05:15
Specs: Windows 7
Hello everyone,

I would like it so when I create a new user in Activer directory 2003 I'm able to select user must change password at next logon and password never expires. Does anybody know how to do this? Currently when I try I get check both boxes it unchecks one of them.

Basically, I want it so when a new user logins they change their password and it never expires.

IT TECH, stuck on helpdesk


See More: Active directory account user setup

Report •

#1
May 2, 2011 at 15:30:58
how is a password never going to expire if it hasn't been set?
once they have logged in you can set to never expire though you are going contrary to all good security practices.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#2
May 2, 2011 at 16:13:42
Thanks for the response, so do you know if it's possible that once the user changes their password at first logon it can be automatically set to never expire or do I have to go into AD each time and check the box off?

IT TECH, stuck on helpdesk


Report •

#3
May 2, 2011 at 16:20:50
http://www.petri.co.il/forums/showt...

should be a good read for you

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

Related Solutions

#4
September 29, 2011 at 22:27:29
you can try for the following script:

onst ADS_UF_DONT_EXPIRE_PASSWD = &h10000
strOU = "ou=Users"
strDomain = "yourdomain.com"

set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
set objParent = GetObject("LDAP://" & strOU & "," & objRootDSE.Get("defaultNamingContext"))

intUAC = objUser.Get("userAccountControl")
objParent.Filter = Array("user")

for each objUser in objParent
If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
else
objUser.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.SetInfo
end if
next

Besides this, its better to go for some third party software to manage your active directory.
There are different tools available in the market.
Many of them have the password policies. You can try the saotware from Lepide.
http://www.lepide.com/active-direct...


Report •

Ask Question