ADSI - Creating an AD account but not forcing a "change password on first login"

A

AC [MVP MCMS]

Having a heck of a time trying to create a ton of AD user accounts in a specific
OU without having the users be forced to change their password upon a successful
login.

After creating the account (and committing the changes), I have the following
code that works:
// password info
userEntry.Invoke("SetPassword", new object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200; //ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();

I've tried setting a value for the "pwdLastSet" property, and also trying
a few different combinations for the "userAccountControl" integer bitmap,
but no luck (either throwing exceptions or just not desireable results.

After searching various groups for solutions (managed or scripted), I'm still
at a loss, hence this posting. Any tips/pointers would be greatly appreciated.
 
M

Marc Scheuner [MVP ADSI]

After creating the account (and committing the changes), I have the following
code that works:
// password info
userEntry.Invoke("SetPassword", new object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200; //ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();
Click to expand...

You just got the ADS_UF_DONT_EXPIRE_PASSWD wrong - that's all ;-)

0x0200 is "normal account"
0x2000 is "don't expire password"

and combined it would be 0x2200

Try setting it to that value - it ought to work if you do!;-)

HTH
Marc
 
A

AC [MVP MCMS]

Thanks for the reply Mark, unfortunately it didn't work, however you got
me in the right direction.

The hex you need to assign to the "userAccountControl" property is 0x220,
not 0x2200 (that was throwing a COMException). I also had to remove the line
containing the "pwdLastSet" property.

Thanks!

--
-AC [MVP MCMS]
http://www.andrewconnell.com
http://www.andrewconnell.com/mvp
After creating the account (and committing the changes), I have the
following
code that works:
// password info
userEntry.Invoke("SetPassword", new
object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200;
//ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();
Click to expand...
You just got the ADS_UF_DONT_EXPIRE_PASSWD wrong - that's all ;-)

0x0200 is "normal account"
0x2000 is "don't expire password"
and combined it would be 0x2200

Try setting it to that value - it ought to work if you do!;-)

HTH
Marc
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Setting a password on an AD account... 9
Changing (not setting) a user password trough LDAP 0

Top