0 votes

I'm trying to expire a user's password by setting the pwdLastSet attribute to 0 and I figured I could do it in Adaxes pretty easily by setting the Password Last Set property, but I'm encountering two problems. The first problem is that when I try to change it I only get three options: Unspecified, Never or set a specific date. Perhaps one of these is equal to setting it to 0, but I'm not sure because of my second problem, which is that whenever I try to modify this property I get a red exclamation mark in the tree view on the left of the Administration Console with an error that says "A device attached to the system is not functioning". If I click on that error, then on the right-hand side of the Administration Console it shows the description and says "The parameter is incorrect. (Server: ourdomain.com)".

My question is twofold. One, why am I getting the error, and two, is this the best way to expire a password?

Thanks!

by (520 points)

1 Answer

0 votes
by (216k points)

Hello,

To expire a user's password, you need to set the User must change password at next logon flag in the user's Account Options. This will force the user to change the password the next time the user logs on. To set the flag with the help of a Business Rule, Scheduled Task or Custom Command, you need to add the Modify Account Options action that sets the flag. To do this:

  1. Add the Modify Account Options action to your Business Rule, Scheduled Task or Custom Command.
  2. In the Action Parameters section, check the first and the second checkboxes opposite the User must change password at next logon option.

As to why setting the Password Last Set property to a certain value caused the error, this happens because you are allowed to set the property only to Unspecified (which is the same as setting it to 0). This is the only value that should not cause the error. Setting the value to Never or a certain date will cause the error, because this is reserved for use by the system as per Active Directory design. You are not supposed to set these values manually.

Also, simply setting Password Last Set to 0 will not cause password expiration. A user is forced to change password at next logon if all of the following three conditions are met:

  • The Password Last Set property is set to 0.
  • The Password never expires flag in the user's account options is set to False.
  • The User cannot change password flag in the user's account options is set to False.

If you use the Modify Account Options action mentioned above to force a user to change his/her password, the Password never expires and the User cannot change password flags will be set to False automatically. However, if, for some reason, you don't want to use the action, you'll need to manually set the flags to False in order to force the user to change a password.
