Extend User Password Expiry

When you have users that travel for weeks at a time it is likely that you are going to encounter a point when they need to have their password extended so that it does not expire while they are overseas. In this article you will be able to reset the “Last Set Date” so that the user will have x number of days before their password expires again where x = the amount of days that you set in your domain password policy.

Step One:
Enable Advanced Features from the view menu under “Active Directory Users and Computers” or dsa.msc

Step Two:
Find the user account in question, searching for the user account limits the options that you will have and will not let you access the attribute editor so you will have to navigate to the user’s account under your active directory structure.

Step Three:
Open the attribute editor tab under properties on that user account and scroll down until you find pwdLastSet you will see that this contains the date that the user last set their password.

Step Four:
Set the pwdLastSet field to equal 0 and press ok then close properties. Reopen properties and navigate back to the pwdLastSet under the attribute editor, you will notice that the field now says “Never”.

Step Five:
Change the pwdLastSet to equal -1 and then click ok and close properties, now when you reopen the attribute editor you should see today’s date in the pwdLastSet field.

You can confirm that this has taken effect by running the following from a command prompt and replacing USERNAME with the name of your user:

net user /domain "USERNAME"

This command will return all variables about that user account including password expiry. Do not forget to go and untick “Password Never Expires” from the dsa.msc otherwise your user will never have to change that password again.

Hope this helps