Users are now returning to work from furlough caused by the COVID-19 pandemic. Many passwords have expired by having not been changed and can cause a large number of Help Desk calls that can be avoided. Here are the steps to reset the clock on your password policy for user accounts. It will for example if you had a 90 day password reset policy set the password last set date to the current date/time.
Extend Expired Password Using Powershell:
- On a machine with access to Active Directory launch Powershell as Administrator.
- Run the following command to reset the pwdlastset attribute to 0.
1Set-ADUser -Identity username -Replace @{pwdlastset="0"} - Next run the command to reset the pwdlastset attribute to -1.
1Set-ADUser -Identity username -Replace @{pwdlastset="-1"}
IMPORTANT: You need to run both commands do not just set to -1 or it will not work correctly.
Extend Expired Password Using the Active Directory Users and Computers:
- Open Active Directory Users and Computers
- Browse to the User (do not open through search you will not see the Attribute editor tab)
- Locate the PwdLastSet attribute on the attribute tab.
- Double click pwdlastset to open this attribute and set to 0. Click ok and Apply.
- Next open back up the pwdlastset attribute and set it to -1. Click ok and Apply.