如何设置 Active Directory 用户的密码到期日期
我正在编写一个与 Active Directory 通信的应用程序,我需要测试当 Active Directory 中的用户帐户的密码距离到期日期只有几天时它的行为方式。
因此我的问题是:如何将特定 Active Directory 用户帐户的密码到期日期设置为“今天 + 2 天”之类的日期(当然,不更改密码到期策略!)。我正在寻找手动方法或编程解决方案(例如基于 VBScript 或 C#)。
我已经尝试过这两种方法:
- 使用 ADSIEdit
Set
pwdLastSet
。问题:我只能将该值更改为 0。其他值将被拒绝,错误代码为 0x57(无效参数)。 使用
IADsUser::PasswordExpirationDate
:问题:设置PasswordExpirationDate
失败,错误代码为 0x800A01BD。 (请参阅下面的代码示例。)
代码示例:
strUserName = "test97"
Set objUser = GetObject("LDAP://CN=" & strUserName & ",CN=Users,DC=mydomain,DC=com")
dtmDate = Now+2
objUser.PasswordExpirationDate = dtmDate
objUser.SetInfo
MsgBox "Successfully changed password expiration date"
I am writing an application that communicates with Active Directory and I need to test how it behaves when the password of a user account in Active Directory has only a few days until its expiration date.
Therefore my question is: how can I set the password expiration date of a particular Active Directory user account to a date like "today + 2 days" (without changing the password expiration policy, of course!). I am looking either for manual way to do that or a programmatic solution (e.g. VBScript or C# based).
I have already tried these two approaches:
Set
pwdLastSet
using ADSIEdit. Problem: I can change the value only to 0. Other values are rejected with the error code 0x57 (Invalid argument).Using
IADsUser::PasswordExpirationDate
: Problem: settingPasswordExpirationDate
fails with error code 0x800A01BD. (See code example below.)
Code example:
strUserName = "test97"
Set objUser = GetObject("LDAP://CN=" & strUserName & ",CN=Users,DC=mydomain,DC=com")
dtmDate = Now+2
objUser.PasswordExpirationDate = dtmDate
objUser.SetInfo
MsgBox "Successfully changed password expiration date"
这是不可能的。您只能将密码标记为已过期。
This is not possible. You can only mark the password as expired.