Hello,

does anybody please know how to set the checkbox
"User must change password at next logon" for
a new user in Active Directory?

In VBScript it is done by: obj.Put "pwdLastSet", 0
but I can't find the Net::LDAP counterpart for that (and
I can't use Win32::OLE because my script runs on Linux)

After reading http://support.microsoft.com/kb/305144
I've tried setting 0x800000 bit in userAccountControl -
but it doesn't work (the user is created fine though):

  use constant NORMAL_ACCOUNT => 0x200;
  use constant PASSWORD_EXPIRED => 0x800000;

$result = $ldap->add($dn,
    attr => [
                objectClass     => 'user',
                #objectClass    => [qw(top person organizationalPerson user)],
                sAMAccountName  => $uid,
                userPrincipalName => $uid . '@' . DOMAIN,
                givenName       => $first,
                sn              => $last,
                displayName     => $fullname,
                description     => $fullname,
                mail            => $mail,
                l               => $city,
                physicalDeliveryOfficeName => $city,
                company         => $company,
    ]
);
$result->code && die 'Failed to add entry: ', $result->error;

$charmap = Unicode::Map8->new('latin1') or die $!;
$unipwd = $charmap->tou('"' . $password . '"')->byteswap()->utf16();

$result = $ldap->modify($dn, add => { unicodePwd => $unipwd } );
$result->code && die 'Failed to modify entry: ', $result->error;

$result = $ldap->modify($dn, replace => { userAccountControl =>
    NORMAL_ACCOUNT | PASSWORD_EXPIRED } );
$result->code && die 'Failed to modify entry: ', $result->error;

Any hints please?
Alex

PS: I'm so happy I can work with Perl after I've finally
      enabled LDAP/SSL in our domain controllers...
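
Added example (not part of the original post, and not Net::LDAP project code): the Net::LDAP counterpart of the VBScript `obj.Put "pwdLastSet", 0` is a replace of pwdLastSet with 0, sent after the password has been set. The sub names, the Local::DryRunLDAP stand-in, the DN and the password are constructed for illustration, and the core Encode module is used in place of Unicode::Map8 for the UTF-16LE conversion.

```perl
use strict;
use warnings;
use Encode qw(encode);

use constant NORMAL_ACCOUNT => 0x200;   # userAccountControl flag from KB 305144

# AD takes unicodePwd as the double-quoted password in UTF-16LE
# (core Encode module used here in place of Unicode::Map8).
sub ad_unicode_pwd {
    my ($password) = @_;
    return encode('UTF-16LE', qq{"$password"});
}

# $ldap: a bound Net::LDAP object on LDAPS or StartTLS (AD rejects unicodePwd
# writes on an unencrypted connection). Separate modifies, pwdLastSet last,
# because setting the password stamps pwdLastSet with the current time.
sub set_password_must_change {
    my ($ldap, $dn, $password) = @_;
    my @steps = (
        [ unicodePwd         => ad_unicode_pwd($password) ],
        [ userAccountControl => NORMAL_ACCOUNT ],
        [ pwdLastSet         => 0 ],   # 0 = must change at next logon
    );
    for my $step (@steps) {
        my $result = $ldap->modify($dn, replace => { @$step });
        die "Failed to set $step->[0]: ", $result->error if $result->code;
    }
    return scalar @steps;
}

# Constructed stand-in for Net::LDAP so the script runs without a domain
# controller: it prints each modify and reports success (code 0).
package Local::DryRunLDAP {
    sub new    { return bless {}, shift }
    sub code   { return 0 }
    sub error  { return '' }
    sub modify {
        my ($self, $dn, %args) = @_;
        my ($attr, $value) = %{ $args{replace} };
        printf "modify %s: replace %s (%d bytes)\n", $dn, $attr, length $value;
        return $self;
    }
}

package main;
# Constructed DN and password; pass a real bound Net::LDAP object instead.
set_password_must_change(Local::DryRunLDAP->new,
    'CN=Test User,OU=Staff,DC=example,DC=com', 'Chang3-Me-Now!');
```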
