<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview 
[{$pagename}] ([LDAPDisplayName] [PwdLastSet]) represents the date and time that the password for this account was last changed. 

[{$pagename}] is functionally the same as the [PwdChangedTime] (__Except for the [LDAPSyntaxes]__) in many other [LDAP Server Implementations] as described within [Draft-behera-ldap-password-policy]
Many people can associate [{$pagename}] to the phrase from the [MMC Account Tab]: __User Must Change Password at Next Logon __

In [Microsoft Active Directory] the value is stored as a [LargeInteger]. If this value is set to 0 and the [User-Account-Control Attribute] does not contain the [DONT_EXPIRE_PASSWORD] flag, then the user must set the password at the next logon. 

When the administrator clicks the &quot;User must change password at next logon&quot; check-box in Active Directory [Users and Computers|MMC Account Tab], the [{$pagename}] ([PwdLastSet]) gets set to 0. 
 
|CN|Pwd-Last-Set 
|Ldap-Display-Name|[pwdLastSet] 
|Size|8 bytes 
|Update Privilege|This value is set by the system. 
|Update Frequency|Each time the password is changed. 
|Attribute-Id|1.2.840.113556.1.4.96 
|System-Id-Guid|bf967a0a-0de6-11d0-a285-00aa003049e2 
|Syntax|Interval 

!Implementations 
* Windows 2000 Server 
* Windows Server 2003 
* ADAM 
* Windows Server 2003 R2 
* Windows Server 2008 [{$pagename}] is normally the same as [PwdChangedTime] in other [LDAP Server Implementations] as described within [Draft-behera-ldap-password-policy]!! Modifications to [{$pagename}] 
The only values that can be set are:
* 0 - To set &quot;User Must Change Password at Next Logon&quot;, set the pwdLastSet attribute to zero (0). This is as if the [{$pagename}]=True - which is an implementation of [Password MUST Change] condition.
* -1 - setting the [{$pagename}] attribute to -1 which will effectively set the [{$pagename}] to the current time and remove the &quot;User Must Change Password at Next Logon&quot; restriction.
* The [{$pagename}] attribute cannot be set to any other values except by the system. 

![MMC Account Tab] 
The values for this can be set within the [MMC] on the [MMC Account Tab] as: __User Must Change Password at Next Logon __. 

!! More Information 
There might be more information for this subject on one of the following: 
[{ReferringPagesPlugin before='*' after='\n' }] 
</pre>