Without hacking into LSASS this isn't possible except for being able to write a 0 or -1 which will set or clear the "password must be changed on next logon" flag.
What you may consider doing is setting your test lab password policy to about 1 or 2 days and then you don't have to wait an exceedingly long time. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rex Wheeler Sent: Monday, June 16, 2003 1:05 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Updating pwdLastSet We are doing some integration work allowing other platforms (unix) to authenticate against Active Directory. We have succeeded in making this happen but are running into testing challenges. We would like to be able to write test scripts to verify that account and password expiration logic is working correctly. For example we want to test that if you have a policy that says you must change your password every 30 days and you last changed your password 25 days ago, you should get a warning message saying that you have 5 days to change your password. The problem is that we can't seem to update the pwdLastSet attribute. How can the value of this attribute be set? If it can not, does anyone have any ideas how to test such expiration logic without spending days of wall clock time? Thanks, Rex List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
