1
Vote

Bug setting pwdLastSet

description

Hello everyone,

First of all, let me greet the author for this great tool. It helps a LOT with bulk changes.

Although this tool is no longer supported and this task may be performed using PowerShell and AD module, I used it to bulk set "User must change password at next logon" checkbox for a bunch of users.

Next day, people were not asked to change the password and then I started investigating.

It seems like, when using AD Modify's GUI and set this checkbox, it modifies pwdLastSet attribute to the timestamp of the password change itself, instead of 0, which is the correct value that is set when using DSA.MSC.

Anyone here is aware of this "bug"? I was just wondering if it's a known issue or some other problem.

Note: AD FFL and DFL is 2012 R2.

Thanks a lot.

Cheers,

Bruno

comments