Recipe 6.22 Preventing a User's Password from Expiring6.22.1 ProblemYou want to prevent a user's password from expiring. 6.22.2 Solution6.22.2.1 Using a graphical user interface
6.22.2.2 Using a command-line interface> dsmod user "<UserDN>" -pwdneverexpires yes 6.22.2.3 Using VBScript' This code sets a users password to never expire ' See Recipe 4.12 for the code for the CalcBit function ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>" ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- intBit = 65536 strAttr = "userAccountControl" set objUser = GetObject("LDAP://" & strUserDN) intBitsOrig = objUser.Get(strAttr) intBitsCalc = CalcBit(intBitsOrig, intBit, TRUE) if intBitsOrig <> intBitsCalc then objUser.Put strAttr, intBitsCalc objUser.SetInfo WScript.Echo "Changed " & strAttr & " from " & _ intBitsOrig & " to " & intBitsCalc else WScript.Echo "Did not need to change " & strAttr & " (" & _ intBitsOrig & ")" end if 6.22.3 DiscussionSetting a user's password to never expire overrides any password aging policy you've defined in the domain. To disable password expiration, you need to set the bit equivalent of 65536 (i.e., 10000000000000000) in the userAccountControl attribute of the target user. 6.22.4 See AlsoRecipe 4.12 for more on modifying a bit-flag attribute and Recipe 6.24 for more on setting the userAccountControl attribute |