Amending Password Last Set Attribute

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 4 months ago.

  • Author
    Posts
  • #6227

    by Neph09 at 2012-12-07 08:24:37

    Hi,

    I have just started using power shell and exchange powershell and journeying through the process of creating my own scripts with the help of the web.

    After abit of work i managed to create:

    Get-Content C:\Scripts\Users.txt | Set-QADUser -Identity {$_} -PasswordNeverExpires $false

    However what i also want to do within the same script to all users part of the Users.txt file is change the "pwdLastSet" attribute to 0 and confirm and then set it to -1 and confirm,

    Having tested manually this does exactly what i want it to but i am unsure how to make it do that after my original part of the script:

    Get-Content C:\Scripts\Users.txt | Set-QADUser -Identity {$_} -PasswordNeverExpires $false

    Just wondered if anyone could advise, and also point me in the direction of good learning material.

    by Neph09 at 2012-12-07 08:53:54

    I think i may have just solved this myself but for any Pro's out there is this correct as it appears to be working:

    Get-Content C:\Scripts\Users.txt | Set-QADUser -Identity {$_} -PasswordNeverExpires $false
    Get-Content C:\Scripts\Users.txt | Set-QADUser -ObjectAttributes @{pwdLastSet='0'}
    Get-Content C:\Scripts\Users.txt | Set-QADUser -ObjectAttributes @{pwdLastSet='-1'}

    Essentially it removes the Password Expire value.
    Sets The system to think the password has never expired
    Sets the system to know the password has been changed today without the password changing

    by Neph09 at 2012-12-10 06:34:43

    [quote="Neph09"]I think i may have just solved this myself but for any Pro's out there is this correct as it appears to be working:

    Get-Content C:\Scripts\Users.txt | Set-QADUser -Identity {$_} -PasswordNeverExpires $false
    Get-Content C:\Scripts\Users.txt | Set-QADUser -ObjectAttributes @{pwdLastSet='0'}
    Get-Content C:\Scripts\Users.txt | Set-QADUser -ObjectAttributes @{pwdLastSet='-1'}

    Essentially it removes the Password Expire value.
    Sets The system to think the password has never expired
    Sets the system to know the password has been changed today without the password changing[/quote]

    Can anyone advise how i get it to continue even if it hits an error.

    So i am running this against 200 users but it threw an error:

    Set-QADUser : Ambiguous identity: XXXXXXX.

    At C:\Scripts\Remove Password Expires.ps1:3 char:47
    + Get-Content C:\Scripts\Users.txt | Set-QADUser < <<< -ObjectAttributes @{pwdLastSet='-1'}
    + CategoryInfo : NotSpecified: (:) [Set-QADUser], IdentityException
    + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.BusinessLogic.IdentityException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet

    I want it to carry on processing however it doesn't and just stops.

    by ArtB0514 at 2012-12-10 10:42:48

    Why not just look up the user once and use a Try-Catch block to handle the errors? Note that I didn't check your logic to see if it was correct or not, so there may be other errors.

    Get-Content C:\Scripts\Users.Txt | foreach {
    Try {
    $User = Get-QADUser $_ -ErrorAction Stop
    $User | Set-QADUser -PasswordNeverExpires $false -ObjectAttributes @{pwdLastSet='0'}
    $User | Set-QADUser -ObjectAttributes @{pwdLastSet='-1'}
    }
    Catch {}
    }

You must be logged in to reply to this topic.