Reset Password Expiration

Resetting the password expiration in Active Directory might come in handy when a user’s password has expired and don’t have the chance to change it yet (perhaps due to network restrictions).
The Help Desk team, rather than resetting the user’s password, can reset the password expiration time without compromising security by knowing the temporary password.
Obviously, changing password is itself a security issue, so this should not be used just because you’re too bored to change your own account’s password. 🙂
Note that what you’re going to perform is not resetting the password expiration value but you’re resetting the last password set date.

There are three ways of doing this, via Active Directory Users and Computers, via ADSI Edit and via Powershell.

Active Directory Users and Computers (ADSI is very similar once you open the Object’s properties)

  1. Open Active Directory Users and Computers
  2. Click on View and select Advanced Features
    • active-directory-users-and-computers_advanced-features
  3. Now open up the object for which you want to reset the password expiration and go to the Attribute Editor‘s tab.
  4. Click once on the Attribute column, this will sort it by name.
  5. Scroll down to pwdLastSet.
    • active-directory-users-and-computers_attribute-editor-pwdlastset
  6. Click Edit, delete the current entry, type 0 (zero) and click Ok.
    • active-directory-users-and-computers_pwdlastset-0
  7. Click Ok to save the changes.
  8. Open the object again, repeat the steps above to reach the pwdLastSet attribute and, this time, assign -1 and click Ok and Ok again to save the changes. This will reset the password last set to “now”.
    • active-directory-users-and-computers_pwdlastset_-1


This one’s my favourite because it’s quick and easy. Run Powershell from a machine where Active Directory’s powershell module is installed (a domain controller will do). Make sure you have admin rights on the target user (or make sure you run powershell as an administrator).
Finally, run the following commands (they’re all commented to make it easier for you to understand the steps).


Leave a Reply

Your email address will not be published. Required fields are marked *