0 votes

I'm trying to expire a users password by setting the pwdLastSet attribute to 0 and I figured I could do it in Adaxes pretty easily by setting the Password Last Set property, but I'm encountering two problems. First problem is that when I try to change it I only get three options: Unspecified, Never or set a specific date. Perhaps one of these is equal to setting it to 0, but I'm not sure because of my second problem which is whenever I try to modify this property I get a red exclamation mark in the tree view on the left of the Administration Console with an error that says "A device attached to the system is not functioning", if I click on that error then on the right-hand side of the Administration Console it shows the description and says "The parameter is incorrect. (Server: ourdomain.com)

My question is two fold. One why am I getting the error and two is this the best way to expire a password?

Thanks!

by (520 points)

1 Answer

0 votes
by (216k points)

Hello,

To expire a user's password, you need to set the User must change password at next logon flag in the user's Account Options. This will force the user to change password next the user logs on. To set the flag with the help of a Business Rule, Scheduled Task or Custom Command, you need to add the Modify Account Options action that sets the flag. To do this:

  1. Add the Modify Account Options action to your Business Rule, Scheduled Task or Custom Command.
  2. In the Action Parameters section, check the first and the second checkboxes opposite the User must change password at next logon option.

As to why setting the Password Last Set property to a certain value caused the error, this happens because you are allowed to set the property only to Unspecified (which is the same as setting it to 0). This is the only value that should not cause the error. Setting the value to Never or a certain date will cause the error, because this is reserved to use by the system as per Active Directory design. You are not supposed to set these values manually.

Also, simply setting Password Last Set to 0 will not cause password expiration. A user is forced to change password at next logon if all of the following three conditions are met:

  • The Password Last Set property is set to 0.
  • The Password never expires flag in the user's account options is set to False.
  • The User cannot change password flag in the user's account options is set to False.

If you use the Modify Account Options action mentioned above to force a user to change his/her password, the Password never expires and the User cannot change password flags will be set to False automatically. However, if, for some reason, you don't want to use the action, you'll need to manually set the flags to False in order to force the user to change a password.

Related questions

0 votes
1 answer

I am experiencing that I can no longer use computed results such as password expiration date, days left, and so on. Is there any known cause of this? I have ... When sending an email through Scheduled Task, the parameter sends null data in the email.

asked 1 day ago by Daniel (160 points)
0 votes
1 answer

In the web interface, when a user logs on, how can i show when was the last time the user changed their password? I would like it to be a static content.

asked May 17 by rechevarria (40 points)
0 votes
1 answer

To avoid typos at the user creation, I want if it is possible to define der Property "IP Phone" by default as the last 4 digits of the property "Telephone Number" ? Thanks

asked Oct 11, 2022 by boris (530 points)
0 votes
1 answer

Is there a way to show the password last set (pwdLastSet) time/date in the web interface? I tried looking for it in the attribute list to add to a user view but couldn't find it. Thanks Ryan

asked Apr 9, 2014 by ryan_breneman (920 points)
0 votes
1 answer

I have a specific computer property pattern for three different types of computers, which live in three different OUs and are in three different business units. I will have ... How do I enforce a property pattern for a specific business unit at creation time?

asked Jul 17, 2023 by bennett.blodinger (60 points)
3,548 questions
3,238 answers
8,232 comments
547,813 users