Skip to main content
Kinetic Community

Active Directory User Expire Password

Finds a user in active directory by Distinguished Name, Full Name, Email Address, or User Name and sets the password to expired, requiring the user to change it.

Downloads

By downloading this file, you acknowledge that you agree to our Terms of Service

active_directory_user_expire_password_v2.zip

Detailed Description

This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and search for the user based on the search parameters provided. If User Logon is the 'search by' parameter, the handler looks for a '@' symbol in the User Logon to determine how to search for the User Logon name. A '@' symbol indicates a search for the LDAP attribute userPrincipalName (up to 100 characters) while the absence of the '@' symbol will result in a search for the LDAP attribute sAMAccountName(pre-Windows 2000). Finally, the handler will set the password to expired. This is analogous to checking the box marked "User must change password at next logon" on the active directory users and computers administration tool.

  • If 'Distinguished Name' is selected, the 'distinguishedName' attribute will be used directly to retrieve the User entry.

  • If 'Full Name' is selected, the 'cn' attribute will be used to retrieve the User entry.

  • If 'User Name' is selected, the 'userprincipalname' value will be used if the "Search Value" parameter includes an '@' sign (IE john.doe@domain.com) and the 'samaccountname' will be used if it does not (IE john.doe).

  • If 'Email Address' is selected, the 'mail' attribute will be used to retrieve the User entry.

This handler will fail if the user is not found, or if more than one result is found.

Parameters

Name Description
Search By Choose which attribute of the user to search by
Search Value The actual search expression to search for

Sample Configuration

Parameter Example Configuration
Search By User Logon
Search Value <%=@answers['ReqFor Login ID']%>

Results

This handler returns no results

Change Log

Version Date Description
2 2014-08-05 * Changed the password info value to be encrypted.
1 2011-02-04 * Initial version. See README for details.