Change password expiration date in Active Directory using VBS
I'm trying to change the password expiration date for a user in Active Directory using VBScript. I have the code to obtain information about a user's password, but I can't find anything about how to change it. Any help would be greatly appreciated!
Here's my code:
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

' Bind to the user object
Set objOU = GetObject("LDAP://CN=[username],OU=Users,OU=New York,OU=NA,OU=[domain],DC=[domain],DC=firm")
intCurrentValue = objOU.Get("userAccountControl")

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
    wscript.echo "The password does not expire."
Else
    ' Report when the password was last changed
    dtmValue = objOU.PasswordLastChanged
    Wscript.echo "The password was last changed on " & _
        DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
        "The difference between when the password was last set" & VbCrLf & _
        "and today is " & int(now - dtmValue) & " days"
    intTimeInterval = int(now - dtmValue)

    ' Read the domain's maximum password age (in seconds) through the WinNT provider
    Set objDomainNT = GetObject("WinNT://ropesgray")
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
    If intMaxPwdAge < 0 Then
        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
        Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
        If intTimeInterval >= intMaxPwdAge Then
            Wscript.echo "The password has expired."
        Else
            Wscript.echo "The password will expire on " & _
                DateValue(dtmValue + intMaxPwdAge) & " (" & _
                int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
        End If
    End If
End If

'strUserPrincipalName = objOU.Get("userPrincipalName")
'strSAMAccountName = objOU.Get("sAMAccountName")
'strMaxPWAge = objOU.Get("manager")
'WScript.Echo strUserPrincipalName
'WScript.Echo strSAMAccountName
'WScript.Echo strMaxPWAge
You can use the pwdLastSet attribute to change the password expiration, but perhaps not in the way you want. pwdLastSet is the number of 100-nanosecond intervals since 12:00 am January 1, 1601.
According to Microsoft documentation, this attribute accepts only two values: 0 or -1.
Try this:
- Set pwdLastSet to 0; this means that the password has never been set.
- Then, set pwdLastSet to -1; this means that the password has just been set. So the value that appears in pwdLastSet is the current date/time.
I used to use it in W2K3 and it's still working on W2K8 R2.
You can find there a tool (sorry, in French) that allows you to create a date/time from the number of 100-nanosecond intervals since 12:00 am January 1, 1601.
Be careful: it lengthens the password duration, which is not good for security.
I hope it helps.
JP
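The arithmetic behind the answer above, as an added example that is not part of the original post: it converts a pwdLastSet value to a date and shows how far the expiry moves when the attribute is rewritten to the current time while the password itself stays the same. Python is used so it runs offline; the function names and sample dates are constructed, and the maximum age is taken in seconds, as returned by the question's WinNT query.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000  # same flag as in the question's script
SEC_IN_DAY = 86400


def filetime_to_datetime(ticks):
    """Convert 100-nanosecond intervals since 1601-01-01 UTC to a datetime."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion; dt must be timezone-aware."""
    delta = dt - EPOCH_1601
    seconds = delta.days * SEC_IN_DAY + delta.seconds
    return seconds * 10_000_000 + delta.microseconds * 10


def password_expiry(pwd_last_set, max_age_seconds, uac):
    """Return (status, expiry datetime or None) for one account."""
    if uac & ADS_UF_DONT_EXPIRE_PASSWD:
        return ("never expires (account flag)", None)
    if pwd_last_set == 0:
        return ("must change at next logon", None)
    if max_age_seconds < 0:  # same test as the question's script
        return ("never expires (domain policy)", None)
    expiry = filetime_to_datetime(pwd_last_set) + timedelta(seconds=max_age_seconds)
    return ("expires", expiry)


def reset_effect(old_pwd_last_set, now, max_age_seconds, uac=0):
    """Expiry before and after pwdLastSet is rewritten to 'now' (the 0 then -1 step)."""
    before = password_expiry(old_pwd_last_set, max_age_seconds, uac)[1]
    after = password_expiry(datetime_to_filetime(now), max_age_seconds, uac)[1]
    return before, after


if __name__ == "__main__":
    # Constructed sample: password set 2024-01-01, 90-day policy, reset on 2024-03-30.
    set_on = datetime_to_filetime(datetime(2024, 1, 1, tzinfo=timezone.utc))
    now = datetime(2024, 3, 30, tzinfo=timezone.utc)
    before, after = reset_effect(set_on, now, 90 * SEC_IN_DAY)
    print("expiry before reset:", before.date())
    print("expiry after reset: ", after.date())
    print("same password stays valid for", (after - before).days, "extra days")
```

After the reset, pwdLastSet no longer reflects when the password was actually chosen, so password-age reports built on that attribute understate the real age.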