AD Password Policy

[danofre]

I was testing a new password policy on the default domain controller policy. We never had a password policy.
I set one to test it quick and then disabled it and restored the default.
Well it expired everyones passwords anyway.
Any idea how to reverse what I did? People are on site and do not know that thier passwords expired and cannot reset them.

 

[markdmac]

I just wipped this up for you so it has not been tested but I believe it should work to get you past the point of trouble.

Run this script to reset the PW expiration date. You need to edit the LDAP path in the script to match the location in your AD where your users are.

'==========================================================================
'
' NAME: ResetPWExpireDate.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 11/18/2004
'
' COMMENT: <comment>
'
'==========================================================================

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_UserAccount")
For Each objItem in colItems
Set objUser = GetObject _
  ("LDAP://cn=" & objItem.Name & ",ou=Users,dc=Company,dc=com")
objUser.AccountExpirationDate = "12/31/2004"
objUser.SetInfo    
Next

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[danofre]

great. thank you so much. Im so screwed.
You rock!

 

[markdmac]

How did this work out for you?

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark