I'm not familiar with PowerShell (or AD for that matter), being mainly a .NET programmer, so I hope people will bear with me.
I've been asked to write a script so that once a user's password in Active Directory has been set as expired, the ability of the user to reset their password is revoked.
Basically the script should run through the AD entries and, where it encounters pwdLastSet = 0 (i.e. password expired), it should set the property 'revoke the user's privilege to reset their user password', as they want the user to set it indirectly through another app once expired.
Whilst the 'User cannot change their password' attribute is visible in the LDAP as a bit in the userAccountControl attribute, this bit is 'read only'. As I understand it, the privilege has to be set through modification of the user's Access Control List (ACL).
Could someone advise me on how to do this in PowerScript? Also, how would you ensure the ACL value changed corresponds with the entry where pwdLastSet = 0?
I hope someone can help, and thank you.
Andy
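
One way to do what the post describes, as an added example that is not part of the original post: it finds users with pwdLastSet = 0 and adds deny ACEs for the Change Password extended right to each of those objects' ACLs. It assumes the RSAT ActiveDirectory module and write-DACL rights on the user objects; the function name `Deny-ChangePassword` is hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Schema GUID of the User-Change-Password extended right.
$ChangePasswordGuid = [Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'

# "User cannot change password" is stored as deny ACEs for these two
# well-known SIDs: S-1-1-0 (Everyone) and S-1-5-10 (SELF).
$Trustees = 'S-1-1-0', 'S-1-5-10' | ForEach-Object {
    New-Object System.Security.Principal.SecurityIdentifier $_
}

# Hypothetical helper name; takes the DistinguishedName from the pipeline.
function Deny-ChangePassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        $path = "AD:\$DistinguishedName"
        $acl  = Get-Acl -Path $path
        $sidType = [System.Security.Principal.SecurityIdentifier]
        # Explicit (non-inherited) ACEs already on this object.
        $explicit = $acl.GetAccessRules($true, $false, $sidType)
        $changed = $false
        foreach ($sid in $Trustees) {
            $present = $explicit | Where-Object {
                $_.IdentityReference.Value -eq $sid.Value -and
                $_.AccessControlType -eq 'Deny' -and
                $_.ObjectType -eq $ChangePasswordGuid
            }
            if ($present) { continue }   # idempotent: deny ACE already there
            $deny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
                $sid, 'ExtendedRight', 'Deny', $ChangePasswordGuid)
            $acl.AddAccessRule($deny)
            $changed = $true
        }
        if ($changed -and $PSCmdlet.ShouldProcess($DistinguishedName, 'Deny Change Password')) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# The ACL edited is always that of the object the filter returned, because
# each matching user's DistinguishedName is what reaches the function.
# -WhatIf reports what would change; remove it to apply.
Get-ADUser -LDAPFilter '(pwdLastSet=0)' | Deny-ChangePassword -WhatIf
```

`Set-ADUser -CannotChangePassword $true` makes the same change in one call; the explicit version shows which ACEs are involved. Active Directory Users and Computers does not allow "User must change password at next logon" (pwdLastSet = 0) together with "User cannot change password" on one account, so the resetting app needs to be in place before this runs.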