RE: [ActiveDir] Set UserAccountControl

[Dan Holme]

Title: Set UserAccountControl

I may be talking out of my butt here, but I think that you may be running into an issue of the version of AD you’re using.   I have a vague recollection that I ran into this problem and needed to set the pwdLastSet attribute, rather than the User Account Control, to force pw to change at next logon… I’m leaning towards the thought that you CAN’T set that attribute that way… perhaps you’ve tried doing it separately and it worked?  In which case, forget what I just said.   Otherwise, look into it…   Dan       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson Sent: Wednesday, August 03, 2005 6:09 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Set UserAccountControl   I’m just curious to know why, if you don’t mind, you need to set both at the same time.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fernandez Rego, Ramon Sent: 03 August 2005 14:44 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Set UserAccountControl   Thanks, i know but i need it.   Your suggestion is good and i will do what you say if i don't have another possibility     -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Peter Johnson Enviado el: miércoles, 03 de agosto de 2005 14:30 Para: ActiveDir@mail.activedir.org Asunto: RE: [ActiveDir] Set UserAccountControl AFAIK these are mutually exclusive. Why would you need both? If you want to force at least one password change and then have it never expire you could create the account with the “User Must Change password at next logon” property to on and then have your script check the state of the Change password property and if it’s clear then set the Password never sets flag.   You certainly can’t , IIRC, create or set both at the same time.   Regards Peter Johnson   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fernandez Rego, Ramon Sent: 03 August 2005 14:22 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Set UserAccountControl   Hi, Is there any possibility of setting both properties? "Password never expires" and "User must change password at next logon" I tried with this script, but i can't: ------------------------------ Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" m=0 strOU = "cn=test,ou=usuarios,ou=XXXXXXX" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.Properties ("Size Limit")= 1001 objCommand.Properties ("Cache Results")= False objCommand.Properties("Page Size") = 1001 objCommand.CommandText = _   "<LDAP://"& strOU &",dc=asp,dc=mundo-r,dc=com>;(objectCategory=user)" & _   ";distinguishedName,name,mail,ADsPath;subtree" Set objRecordSet = objCommand.Execute While Not objRecordSet.EOF   strADsPath = objRecordset.Fields("ADsPath")   Set objUser = GetObject(strADsPath)   objUser.Put "UserAccountControl" , "524288"   ' 0x80000 + 0x10200 = pass never exp + user must change   objUser.SetInfo   wscript.echo strADsPath & ";" & objUser.UserAccountControl   m=m+1   objRecordSet.MoveNext Wend objConnection.Close wscript.echo "Numero objetos afectados: " &m ------------------------------------------------------------------------------   Thanks, Moncho ************************************************************************************************** Este mensaje se dirige exclusivamente a su destinatario. Puede contener información privilegiada, confidencial o legalmente protegida. Si ha recibido este mensaje por error le rogamos que lo borre inmediatamente, así como todas sus copias, y lo comunique al remitente. En virtud de la legislación vigente está prohibida la utilización, divulgación, copia o impresión sin autorización. No existe renuncia a la confidencialidad o privilegio por causa de una transmisión errónea. ************************************************************************************************** ************************************************************************************************** Este mensaje se dirige exclusivamente a su destinatario. Puede contener información privilegiada, confidencial o legalmente protegida. Si ha recibido este mensaje por error le rogamos que lo borre inmediatamente, así como todas sus copias, y lo comunique al remitente. En virtud de la legislación vigente está prohibida la utilización, divulgación, copia o impresión sin autorización. No existe renuncia a la confidencialidad o privilegio por causa de una transmisión errónea. **************************************************************************************************