VMware Cloud Community
zdog59
Enthusiast
Enthusiast
‎12-10-2015 07:25 AM

AD User Account Creation Properties - Cannot Change Password And Password Never Expires

Hello,

Does anyone know how to leverage the AD Plugin 2.0 to address setting the switches "Cannot Change Password" and "Password Never Expires" for a AD user account?  I noticed the plugin has a method associated with the scriptable object for setChangePasswordAtNextLogon but not the two referenced above.  Can it be done through the setAttribute method?

Thanks in Advance,

Mike

6 Replies
bdamian
Expert
Expert
‎12-11-2015 10:41 AM

Hi zdog59,

It's a kind of tricky thing but it can be done.

First of all, you can set any Attribute of an AD user using "setAttribute".

If you want to change the email of a user, you do the following:

user.setAttribute("mail", strEmail);

(user represent an AD:User object in Orchestrator)

All the properties in the AD "Account Options" tab of the Active Directory are set in the property userAccountControl.

You need to find the right value for your needs. The following URL tells you the values for each option:

https://support.microsoft.com/en-us/kb/305144

To set Password Never Expires you need to add: NORMAL_ACCOUNT (512) + DONT_EXPIRE_PASSWORD (65536) = 66048

So, you need to do the following:

user.setAttribute("userAccountControl", 66048);

User Cannot Change Password is a complete different thing, it's not an attribute but a property of the object. This URL explains it how to change it by code in .NET:

https://msdn.microsoft.com/en-us/library/aa746398.aspx

Hope this helps you.

D.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
zdog59
Enthusiast
Enthusiast
‎12-14-2015 11:25 AM

Thanks D!

I'm gonna try that this afternoon, but sounds spot on!

Mike

0 Kudos
gbuser
Contributor
Contributor
‎03-02-2016 05:21 AM

Hi,

the User cannot change password seems sophisticated and I am not sure how to put this into a vRO script. Does anyone have an example code or ready workflow for it?

0 Kudos
gbuser
Contributor
Contributor
‎04-04-2016 10:52 PM

Anyone?

0 Kudos
mmumshad
Contributor
Contributor
‎07-13-2016 10:34 PM

Thank you!! this helped.

0 Kudos
brenesrm
Contributor
Contributor
‎03-16-2022 03:58 PM

Thank you!

 

user.setAttribute("accountExpires", NewDate);
0 Kudos