This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 36 lines
!!! Overview
[{$pagename}] ([LDAPDisplayName] [PwdLastSet]) represents the date and time that the password for this account was last changed.
[{$pagename}] is functionally the same as the [PwdChangedTime] (__Except for the [LDAPSyntaxes]__) in many other [LDAP Server Implementations] as described within [Draft-behera-ldap-password-policy]
Many people can associate [{$pagename}] to the phrase from the [MMC Account Tab]: __User Must Change Password at Next Logon __
In [Microsoft Active Directory] the value is stored as a [LargeInteger]. If this value is set to 0 and the [User-Account-Control Attribute] does not contain the [DONT_EXPIRE_PASSWORD] flag, then the user must set the password at the next logon.
When the administrator clicks the "User must change password at next logon" check-box in Active Directory [Users and Computers|MMC Account Tab], the [{$pagename}] ([PwdLastSet]) gets set to 0.
 
|CN|Pwd-Last-Set
|Ldap-Display-Name|[pwdLastSet]
|Size|8 bytes
|Update Privilege|This value is set by the system.
|Update Frequency|Each time the password is changed.
|Attribute-Id|1.2.840.113556.1.4.96
|System-Id-Guid|bf967a0a-0de6-11d0-a285-00aa003049e2
|Syntax|Interval
!Implementations
* Windows 2000 Server
* Windows Server 2003
* ADAM
* Windows Server 2003 R2
* Windows Server 2008 [{$pagename}] is normally the same as [PwdChangedTime] in other [LDAP Server Implementations] as described within [Draft-behera-ldap-password-policy]!! Modifications to [{$pagename}]
The only values that can be set are:
* 0 - To set "User Must Change Password at Next Logon", set the pwdLastSet attribute to zero (0). This is as if the [{$pagename}]=True - which is an implementation of [Password MUST Change] condition.
* -1 - setting the [{$pagename}] attribute to -1 which will effectively set the [{$pagename}] to the current time and remove the "User Must Change Password at Next Logon" restriction.
* The [{$pagename}] attribute cannot be set to any other values except by the system.
![MMC Account Tab]
The values for this can be set within the [MMC] on the [MMC Account Tab] as: __User Must Change Password at Next Logon __.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]