Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Marc,
To clarify this a bit more.........
The "change password at next logon" check box actually expires the password
by setting pwdLastSet = 0 see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/user_must_change_password_at_next_logon.asp
By setting the "password never expires" flag, this not only sets a specific
value on useraccountcontrol (ADS_UF_DONT_EXPIRE_PASSWD), it also unexpires
the password by setting the pwdlastset to the current time (not very well
documented...i agree)
this is definately by design as Greg indicated.
--
Glenn L
CCNA, MCSE (2000,2003) + Security
"Greg Robb" <a-grobb@online.microsoft.com> wrote in message
news:BfVPng50EHA.3436@cpmsftngxa10.phx.gbl...
> This action is by design.
>
> This is also the same reaction you will get within the GUI if you attempt
> to set both of these properties. The error message you get if you attempt
> this is: You have selected 'Password never expires'. The user will not be
> required to change the password at next logon. Within the GUI it will
> automatically deselect the "User must change password at next logon"
> checkbox.
>
> Best regards,
>
> Gregory Robb [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> --------------------
>> From: marc.schmidtmayer@gb.be (Schmidtmayer Marc)
>> Newsgroups: microsoft.public.win2000.active_directory
>> Subject: 'Change Pwd Next Logon' and 'Pwd never Expires' ?
>> Date: 25 Nov 2004 22:38:56 -0800
>> Organization:
http://groups.google.com
>> Lines: 23
>> Message-ID: <6ba0254d.0411252238.112a6c0@posting.google.com>
>> NNTP-Posting-Host: 195.234.145.3
>> Content-Type: text/plain; charset=ISO-8859-1
>> Content-Transfer-Encoding: 8bit
>> X-Trace: posting.google.com 1101451137 28482 127.0.0.1 (26 Nov 2004
> 06:38:57 GMT)
>> X-Complaints-To: groups-abuse@google.com
>> NNTP-Posting-Date: Fri, 26 Nov 2004 06:38:57 +0000 (UTC)
>> Path:
> cpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!new
> sfeed1.ip.tiscali.net!news.glorb.com!postnews.google.com!not-for-mail
>> Xref: cpmsftngxa10.phx.gbl
>> microsoft.public.win2000.active_directory:94529
>> X-Tomcat-NG: microsoft.public.win2000.active_directory
>>
>> Hi all,
>>
>> I've an application that creates users.
>> But I've got a question.
>>
>> I can set the 'Change Pwd at Next Logon'.
>> This is what I do .. and it works ;-) :
>> usr.pwdLastSet = -1
>>
>> BUT !!!
>> Whenever I set the setting 'Pwd Never Expires' ... the 'Change Pwd at
>> Next Logon' is GONE !!! Only the 'Pwd Never Expires' setting is set.
>> This my script :
>> usr.userAccountControl = ADS_UF_NORMAL_ACCOUNT +
>> ADS_UF_DONT_EXPIRE_PASSWD
>> usr.pwdLastSet = -1
>>
>> So, After this code the 'Change Pwd at Next Logon' is NOT set !
>> Why ?
>> Can't they be set togother ??
>>
>> Thanks for any help !
>> Marc.
>>
>