Usng ADFind.exe freeware and
AdMod.exe freeware, I have scripted PwdNX.bat to set
the DONT_EXPIRE_PASSWORD bit of the UserAccountControl attribute, on or off.
The syntax for using PwdNX.bat is:
PwdNX UserDN Y|N
Where UserDN is the user's distinguishedName, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM", and Y|N is a Y to set Password never expires on, or a N to set Password never expires off.
PwdNX.bat contains:
@echo off setlocal if \{%2\}==\{\} goto err set userdn=%1 set YN=%2 set /a pnx=65536 set /a upnx=0 if /i "%YN%" EQU "Y" goto swok if /i "%YN%" NEQ "N" goto err :swok set /a userAccountControl=999999999 call :getusr>nul 2>&1 if %userAccountControl% EQU 999999999 goto usrnf if /i "%YN%" EQU "N" goto setoff set /a upnx=%userAccountControl% ^& %pnx% if %upnx% EQU %pnx% goto finish set /a userAccountControl=%userAccountControl% ^| 65536 call :updusr>nul 2>&1 goto finish :setoff set /a upnx=%userAccountControl% ^& %pnx% if %upnx% NEQ %pnx% goto finish set /a userAccountControl=%userAccountControl% ^^ 65536 call :updusr>nul 2>&1 :finish endlocal goto :EOF :err @echo Syntax: PwdNX UserDN Y^|N endlocal :usrnf @echo Syntax:PwdNX UserDN Y^|N - %userdn% NOT found. endlocal goto :EOF :getusr for /f "Tokens=2 Delims=: " %%a in ('adfind -b %userdn% -nodn -noctl userAccountControl^|find /i "userAccountControl"') do ( set /a userAccountControl=%%a ) goto :EOF :updusr admod -b %userdn% "userAccountControl::%userAccountControl%"
0 comments
Hide comments