locked
update LargeInteger field using powershell & DirectoryServices RRS feed

  • Question

  • Hello

    I want to update AD attribute (largeInteger) using powershell and directoryservices class and getting unspecified error when running the code..

    $newObj1 = New-Object DirectoryServices.DirectoryEntry("LDAP://CN=myuser,OU=myOU,DC=mydomain,DC=com", "mydomain\myID", "Mypwd")
    $xxDate = Get-Date
    $xxDate = $xxDate.ToFileTime()
    $newObj1.Properties["ms-MCS-AdmPwdExpirationTime"].Value = $xxDate
    $newObj1.CommitChanges()

    Saturday, October 27, 2018 10:59 PM

Answers

  • wrong.. I have developed self service LAPS solution using ActiveRoles.. and when user see the password, i force it to expire after two hours instead of default GPO expiration..

    I've figured out the solution anyways.. Thanks..

    $newObj1.psBase.invoke("put", "ms-mcs-admpwdExpirationTime", "$xxDate")

    $newObj1.CommitChanges()

    • Marked as answer by vikAM Sunday, October 28, 2018 12:47 AM
    Sunday, October 28, 2018 12:47 AM

All replies

  • That is because that property does not exist on that object and it is not a settable prpoperty.

    See LAPS documentation on how to reset the password expiration.


    \_(ツ)_/


    • Edited by jrv Saturday, October 27, 2018 11:40 PM
    Saturday, October 27, 2018 11:38 PM
  • wrong.. I have developed self service LAPS solution using ActiveRoles.. and when user see the password, i force it to expire after two hours instead of default GPO expiration..

    I've figured out the solution anyways.. Thanks..

    $newObj1.psBase.invoke("put", "ms-mcs-admpwdExpirationTime", "$xxDate")

    $newObj1.CommitChanges()

    • Marked as answer by vikAM Sunday, October 28, 2018 12:47 AM
    Sunday, October 28, 2018 12:47 AM
  • That will work if you have installed the LAPS schema extensions which you obviously have. 


    \_(ツ)_/

    Sunday, October 28, 2018 1:03 AM