Usng ADFind.exe freeware and
AdMod.exe freeware, I have scripted PwdNX.bat to set
the DONT_EXPIRE_PASSWORD bit of the UserAccountControl attribute, on or off.
The syntax for using PwdNX.bat is:
PwdNX UserDN Y|N
Where UserDN is the user's distinguishedName, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM", and Y|N is a Y to set Password never expires on, or a N to set Password never expires off.
PwdNX.bat contains:
@echo off
setlocal
if \{%2\}==\{\} goto err
set userdn=%1
set YN=%2
set /a pnx=65536
set /a upnx=0
if /i "%YN%" EQU "Y" goto swok
if /i "%YN%" NEQ "N" goto err
:swok
set /a userAccountControl=999999999
call :getusr>nul 2>&1
if %userAccountControl% EQU 999999999 goto usrnf
if /i "%YN%" EQU "N" goto setoff
set /a upnx=%userAccountControl% ^& %pnx%
if %upnx% EQU %pnx% goto finish
set /a userAccountControl=%userAccountControl% ^| 65536
call :updusr>nul 2>&1
goto finish
:setoff
set /a upnx=%userAccountControl% ^& %pnx%
if %upnx% NEQ %pnx% goto finish
set /a userAccountControl=%userAccountControl% ^^ 65536
call :updusr>nul 2>&1
:finish
endlocal
goto :EOF
:err
@echo Syntax: PwdNX UserDN Y^|N
endlocal
:usrnf
@echo Syntax:PwdNX UserDN Y^|N - %userdn% NOT found.
endlocal
goto :EOF
:getusr
for /f "Tokens=2 Delims=: " %%a in ('adfind -b %userdn% -nodn -noctl userAccountControl^|find /i "userAccountControl"') do (
set /a userAccountControl=%%a
)
goto :EOF
:updusr
admod -b %userdn% "userAccountControl::%userAccountControl%"
0 comments
Hide comments
