Change PwdLastSet v1.0

Script is specially build for VDI Environments with Windows 7 clients


Problem Case:

When a user is logged in his desktop and he is away from his desktop and the screen is locked.

In the meantime the password expires and user wants to login again, Windows 7 is telling you to change your password.

To change the password a user have to click 'Switch User'. When he does the RDP connection is closed, the user is returning to the Webportal to login again. Very confusing and time consuming for the user.


Problem Solution:

To solve the irritating situation I created this script to change the 'Password last change' to the night (in my example to 23:00h) for all users who changed their password during the last x hours (for me 23). Most of the users login during daylight hours.

When users login in the morning, they directly get an Password Expiration warning to change their password and not during the day on an unappropriate time.

The script is not changing the real expire date/time, but it is change the Last Password (AD User Property 'PwdLastSet').

This property will be set to the current date and time, so when the script is run.

PwdLastSet + PasswordPolicy = Password Expiration


Example user:

Password policy for this user is: change password policy every 100 days

  •  08:15h : UserA logs in to his desktop and get the message to change his password. The user is changing his password and works all day without problems.
  • 23:00h : This script is running and is checking which users changed their password for the last 23 hours. The script will change for all these users their 'PwdLastSet' attribute to the current date and time
  • 100 days later at 23:00h the password for UserA will expire.
  • The next morning when UserA comes in the building he gets prompt to change his password again.