Writing to ACL via scripts in order to change AD field

AndyH1 (Programmer) (OP)
7 Oct 11 4:19
I'm not familiar with PowerShell (or AD for that matter), being mainly a .NET programmer, so I hope people will bear with me.

I've been asked to write a script so that once a user's password in Active Directory has been set as expired, the ability of the user to reset their password is revoked.

Basically the script should run through the AD entries and, where it encounters pwdLastSet = 0 (i.e. password expired), it should set the property 'revoke the user's privilege to reset their user password', as they want the user to set it indirectly through another app once expired.

Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute, this bit is 'read only'. As I understand it, the privilege has to be set through modification of the user's Access Control List (ACL).

Could someone advise me on how to do this in PowerScript? Also, how would you ensure the ACL value changed corresponds with the entry where pwdLastSet = 0?

I hope someone can help, and thank you
Andy
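
One way to do what the post above describes, as an added example that is not part of the original thread: it finds the accounts with pwdLastSet = 0 and adds deny ACEs for the Change Password control access right to each one's own ACL. It assumes the ActiveDirectory module is available and that the whole default domain is searched; `$dryRun` is a hypothetical switch introduced here.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and rights to edit user DACLs.
Import-Module ActiveDirectory

$dryRun = $true   # hypothetical switch: report only; set to $false to write the ACLs

# Control access right "Change Password" (User-Change-Password) from the AD schema.
$changePassword = [Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'
$extendedRight  = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$deny           = [System.Security.AccessControl.AccessControlType]::Deny
$sidType        = [System.Security.Principal.SecurityIdentifier]

# "User cannot change password" is stored as two deny ACEs: Everyone and SELF.
$trustees = 'S-1-1-0', 'S-1-5-10' |
    ForEach-Object { New-Object System.Security.Principal.SecurityIdentifier $_ }

# Assumption: whole default domain; add -SearchBase to limit the run to one OU.
$users = Get-ADUser -LDAPFilter '(pwdLastSet=0)'

foreach ($user in $users) {
    # The ACL is read from, and written back to, the DN of the matched user only,
    # so the change always corresponds to an entry where pwdLastSet = 0.
    $path     = "AD:\$($user.DistinguishedName)"
    $acl      = Get-Acl -Path $path
    $existing = $acl.GetAccessRules($true, $false, $sidType)   # explicit ACEs, as SIDs
    $changed  = $false

    foreach ($sid in $trustees) {
        # Skip trustees that already carry the deny ACE, so re-runs add nothing.
        $present = $existing | Where-Object {
            $_.IdentityReference -eq $sid -and
            $_.ObjectType -eq $changePassword -and
            $_.AccessControlType -eq $deny -and
            ($_.ActiveDirectoryRights -band $extendedRight)
        }
        if (-not $present) {
            $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
                $sid, $extendedRight, $deny, $changePassword)
            $acl.AddAccessRule($rule)
            $changed = $true
        }
    }

    if ($changed -and -not $dryRun) { Set-Acl -Path $path -AclObject $acl }
    if ($changed) { Write-Output "Deny 'Change Password': $($user.SamAccountName)" }
}
```

Active Directory Users and Computers refuses to set "User must change password at next logon" together with "User cannot change password", so test the other app's reset path on a pilot account before running this across the domain.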