
Active Directory Expired Password Refresh

#Active Directory #PowerShell

A very useful script to refresh an expired password for a user account in Active Directory. It works by resetting the AD attribute pwdLastSet to today's date. First set pwdLastSet to 0, which means that the password has never been set. Once that is applied, go back and set the attribute to -1, which sets pwdLastSet to the current date and time. The password will then no longer flag as expired and the user can continue to use the current password.

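Refresh-ADPassword.ps1

```powershell
Import-Module ActiveDirectory
$name = Read-Host "Username"
# String filter: PowerShell expands $name before the query is sent to AD
$ADUser = Get-ADUser -Filter "SamAccountName -eq '$name'" -Properties pwdLastSet
if (-not $ADUser) { throw "No user found with sAMAccountName '$name'" }
# 0 marks the password as never set
$ADUser.pwdLastSet = 0
Set-ADUser -Instance $ADUser
# -1 stamps pwdLastSet with the current date and time
$ADUser.pwdLastSet = -1
Set-ADUser -Instance $ADUser
```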
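Because the refresh writes pwdLastSet without writing a new password, the two attributes end up with different change times in replication metadata. The following is an added example, not part of the original post, that audits for that gap; the function name `Find-PwdLastSetRefresh`, the tolerance value and the sample rows are assumptions made for illustration.

```powershell
# Added example: flag accounts whose pwdLastSet was written later than the password itself.
function Find-PwdLastSetRefresh {
    param(
        # Rows shaped like Get-ADReplicationAttributeMetadata output
        [Parameter(Mandatory)] [object[]] $Metadata,
        # A real password change writes both attributes together; allow small skew
        [int] $ToleranceSeconds = 5
    )
    foreach ($group in ($Metadata | Group-Object -Property Object)) {
        $stamp  = $group.Group | Where-Object AttributeName -eq 'pwdLastSet'
        $secret = $group.Group | Where-Object AttributeName -eq 'unicodePwd'
        if (-not $stamp -or -not $secret) { continue }
        $gap = $stamp.LastOriginatingChangeTime - $secret.LastOriginatingChangeTime
        [pscustomobject]@{
            Object            = $group.Name
            PasswordWritten   = $secret.LastOriginatingChangeTime
            PwdLastSetWritten = $stamp.LastOriginatingChangeTime
            Refreshed         = $gap.TotalSeconds -gt $ToleranceSeconds
        }
    }
}

# Constructed sample rows (hypothetical users and timestamps)
$sample = @(
    [pscustomobject]@{ Object = 'CN=alice,OU=Staff,DC=example,DC=test'
        AttributeName = 'unicodePwd'; LastOriginatingChangeTime = [datetime]'2024-01-10T09:00:00' }
    [pscustomobject]@{ Object = 'CN=alice,OU=Staff,DC=example,DC=test'
        AttributeName = 'pwdLastSet'; LastOriginatingChangeTime = [datetime]'2024-01-10T09:00:00' }
    [pscustomobject]@{ Object = 'CN=bob,OU=Staff,DC=example,DC=test'
        AttributeName = 'unicodePwd'; LastOriginatingChangeTime = [datetime]'2022-03-01T14:30:00' }
    [pscustomobject]@{ Object = 'CN=bob,OU=Staff,DC=example,DC=test'
        AttributeName = 'pwdLastSet'; LastOriginatingChangeTime = [datetime]'2024-02-15T08:12:00' }
)
Find-PwdLastSetRefresh -Metadata $sample | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module and a reachable DC):
# $dc   = (Get-ADDomainController).HostName
# $meta = Get-ADUser -Filter * | ForEach-Object {
#     Get-ADReplicationAttributeMetadata -Object $_.DistinguishedName -Server $dc `
#         -Properties pwdLastSet, unicodePwd }
# Find-PwdLastSetRefresh -Metadata $meta | Where-Object Refreshed
```

Accounts with "User must change password at next logon" set also appear as refreshed, because that option writes pwdLastSet = 0 on its own; review flagged rows against change records before treating them as policy bypasses.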
