Friday 4 March 2011

Reset your AD Pswd history

Problem:  As a developer I set up a development machine on my own network and the default security policy forces me to change my password every 60 days.

Hypothesis:  Use PowerShell to change how often the password needs to be reset in AD.  I don't know this, so if anyone has this script please post it.

Resolution: Use PowerShell to remove your history.  This at least allows me to reuse pswds repeatedly so I don't end up with a lot of versions.  I have multiple VMs so it's pretty useful to know my passwords are consistent.  Thanks to Brad Turner for posting this script.

# Pass the number of days to retain on the cmdline
param ([int]$NumDaysToKeepPwdHistory = 14)
# Calculate the date to clear password history against
[string]$ClearPwdHistoryDate = [DateTime]::Now.AddDays(-$NumDaysToKeepPwdHistory).ToUniversalTime()
# Get the MIIS_Server WMI object for your server ("." is the local machine;
# to target a remote server, put its name, e.g. "Win2008R2-machine6", in -ComputerName)
$myserver = @(Get-WmiObject -Class "MIIS_Server" -Namespace "root\MicrosoftIdentityIntegrationServer" -ComputerName ".")
# Clear the Password History
Write-Host "Clearing the Password History prior to (UTC)" $ClearPwdHistoryDate
Write-Host "Result: " $myserver[0].ClearPasswordHistory($ClearPwdHistoryDate).ReturnValue
# Report any error and stop (a trap covers the whole script, wherever it is placed)
trap {
    Write-Host "`nError: $($_.Exception.Message)`n" -ForegroundColor White -BackgroundColor DarkRed
    Exit
}

Tip:  This should not be done in production; only use it on development environments.
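For the question in the Hypothesis above, here is an added example (not from this post or from Brad Turner's script) that lengthens the password expiry interval in the default domain password policy. It assumes the ActiveDirectory PowerShell module is installed and uses a hypothetical lab domain name, dev.example.test; it only reports unless run with -Apply, and it refuses to run against any other domain.

```powershell
# Added example: lengthen password expiry on a development domain only.
# Assumptions: ActiveDirectory module available; "dev.example.test" is a
# hypothetical lab domain name, replace it with your own dev domain.
param (
    [string]$ExpectedDomain = "dev.example.test",  # hypothetical lab domain
    [int]$MaxPasswordAgeDays = 365,                 # new expiry interval in days
    [switch]$Apply                                  # without -Apply, report only
)

Import-Module ActiveDirectory -ErrorAction Stop

# Guard: make sure we are talking to the dev domain, not production
$domain = Get-ADDomain
if ($domain.DNSRoot -ne $ExpectedDomain) {
    throw "Connected to '$($domain.DNSRoot)', expected '$ExpectedDomain'. Refusing to change policy."
}

# Show the current policy so the change can be reviewed and reverted
$before = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot
Write-Host "Current MaxPasswordAge      :" $before.MaxPasswordAge.Days "days"
Write-Host "Current PasswordHistoryCount:" $before.PasswordHistoryCount

if (-not $Apply) {
    Write-Host "Report only. Re-run with -Apply to set MaxPasswordAge to $MaxPasswordAgeDays days."
    return
}

# The default domain policy applies to every account in the domain
Set-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot `
    -MaxPasswordAge ([TimeSpan]::FromDays($MaxPasswordAgeDays))

$after = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot
Write-Host "New MaxPasswordAge          :" $after.MaxPasswordAge.Days "days"
```

Run it as a domain administrator on the development domain; the values printed before the change are what you need to restore the original policy.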

Read More:
Brad Turner on removing Pswd history

Update: 2 April 2011 - Edit password setting using Group Policy 
