none
Set password never expires to a specific user group by scrip

    Question

  • Set password never expires to a specific user group by scrip

    I need your help setting up a scrip or group policy that activates the password option never expires to a group of users.

    It was created for users

    CONST ADS_UF_DONT_EXPIRE_PASSWD = & H10000
    DIM objUser

    '<<<< Bind to the user object using the distinguished name >>>>
    SET objUser = GETOBJECT ("LDAP: // CN = First Name, OU = Company Users, DC = Domain, DC = loc")
    IntUAC = objUser.GET ("userAccountControl")

    '<<<<< Enable Password never expires >>>>>
    IF (intUAC AND ADS_UF_DONT_EXPIRE_PASSWD) = 0 THEN
    ObjUser.put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
    ObjUser.setinfo
    END IF

    Wednesday, April 5, 2017 3:25 PM

All replies

  • Bind to the group, then use the Members method of the group object to enumerate the distinguished names of the members. With each DN you can bind to each member in the loop and update the userAccountControl attribute as in your example.

    Edit: Similar to below should work:

    Dim objGroup, objMember, intUAC
    Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
    
    ' Bind to the group object.
    Set objGroup = GetObject("LDAP://cn=MyGroup,ou=Sales,ou=West,dc=Domain=dc=com")
    
    ' Enumerate direct members of the group.
    For Each objMember In objGroup.Members
        IntUAC = objMember.Get ("userAccountControl")
        ' Check if password can expire.
        IF (intUAC And ADS_UF_DONT_EXPIRE_PASSWD) = 0 Then
            ' Configure so password does not expire.
            objMember.Put "userAccountControl", intUAC Xor ADS_UF_DONT_EXPIRE_PASSWD
            objMember.SetInfo
        End If
    Next
    


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Wednesday, April 5, 2017 5:54 PM