Writing to ACL via scripts in order to change AD field

I'm not familiar with PowerShell (or AD for that matter), being mainly a .NET programmer, so I hope people will bear with me.

I've been asked to write a script so that once a user's password in Active Directory has been set as expired, the ability of the user to reset their password is revoked.

Basically, the script should run through the AD entries and, where it encounters pwdLastSet = 0 (i.e. password expired), it should set the property 'revoke the user's privilege to reset their user password', as they want the user to set it indirectly through another app once expired.

Whilst the 'User cannot change their password' attribute is visible in LDAP as a bit in the userAccountControl attribute, this bit is 'read only'. As I understand it, the privilege has to be set through modification of the user's Access Control List (ACL).

Could someone advise me on how to do this in PowerScript? Also, how would you ensure the ACL value changed corresponds with the entry where pwdLastSet = 0?

I hope someone can help, and thank you.
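
One way to do what the post describes, as an added example that is not part of the original post: find accounts with pwdLastSet = 0 and add explicit deny entries for the "Change Password" extended right on each matched account's own ACL, so the ACL change is tied to the entry by its distinguished name. The function name and the OU in the sample call are hypothetical; the ActiveDirectory module's `Set-ADUser -CannotChangePassword $true` is the built-in switch for the same setting.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Deny-ChangePasswordForExpired {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase   # OU or domain DN to scan
    )

    # Well-known GUID of the "Change Password" (User-Change-Password) extended right.
    $changePwd = [Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    # Everyone and SELF: the trustees the "User cannot change password" checkbox acts on.
    $trustees  = 'S-1-1-0', 'S-1-5-10' |
        ForEach-Object { New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $_ }

    # Only accounts whose pwdLastSet is 0 are touched.
    $users = Get-ADUser -LDAPFilter '(pwdLastSet=0)' -SearchBase $SearchBase
    foreach ($user in $users) {
        # The ACL is read from and written back to this user's own DN.
        $path     = "AD:\$($user.DistinguishedName)"
        $acl      = Get-Acl -Path $path
        $explicit = $acl.GetAccessRules($true, $false, $sidType)   # explicit ACEs, as SIDs
        $changed  = $false

        foreach ($sid in $trustees) {
            # Skip trustees that already carry the deny entry (keeps reruns idempotent).
            $present = $explicit | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.ObjectType -eq $changePwd -and
                $_.IdentityReference.Value -eq $sid.Value
            }
            if (-not $present) {
                $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
                    $sid,
                    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
                    [System.Security.AccessControl.AccessControlType]::Deny,
                    $changePwd)
                $acl.AddAccessRule($rule)
                $changed = $true
            }
        }
        if ($changed -and $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Deny Change Password')) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Dry run against a constructed OU:
# Deny-ChangePasswordForExpired -SearchBase 'OU=Staff,DC=example,DC=com' -WhatIf
```

Run it with `-WhatIf` first. Active Directory Users and Computers refuses to combine "User must change password at next logon" with "User cannot change password", so confirm on a pilot account that the indirect reset application still works for accounts left in this state.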
