How to Reset an Active Directory User Password Expiration Date


In most organizations, Active Directory account passwords are set to expire (for example, every 90 days). Configuring an AD account with Password Never Expires is not recommended for security reasons.

I came across a scenario where I had to extend an Active Directory account’s current password expiration date without changing the password expiration policy.

The following section describes the steps to reset an Active Directory user's password expiry date. Password expiration is controlled by a group policy setting named maximum password age. After the policy is applied to the domain, the system checks the pwdLastSet attribute of each user object. This attribute records the time when the user's password was set.

Step 1: Open Active Directory Users and Computers and select “Advanced Features” under the “View” tab.

Step 2: Navigate to the user's account and open its properties.

Step 3: Click the “Attribute Editor” tab.

Step 4: Scroll through the attribute values and select the pwdLastSet field. Modify it by entering 0 (zero) in the value field. Click OK. This sets the value to (Never), meaning the password has never been set. Click OK on the User Account Properties box.

Step 5: Open the user's account properties again and go back to the Attribute Editor tab. Select the pwdLastSet attribute and change its value to -1. Click OK twice.

Done. The pwdLastSet value is now reset to the current date and time, so the maximum password age is counted from this moment.
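
The same reset scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original article; the function name Reset-AdPasswordAge and the account jdoe are hypothetical. It reads pwdLastSet and the computed expiry (msDS-UserPasswordExpiryTimeComputed) before and after, so the change can be recorded, because the account keeps its existing password for another full policy period.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function and parameter names are hypothetical.
function Reset-AdPasswordAge {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity   # sAMAccountName, DN, GUID or SID
    )

    $props = 'pwdLastSet', 'msDS-UserPasswordExpiryTimeComputed', 'PasswordNeverExpires'

    # Convert an AD FILETIME (Int64) to local time; 0 and Int64.MaxValue mean "no date".
    $toDate = {
        param($ft)
        if ($ft -gt 0 -and $ft -lt [Int64]::MaxValue) { [DateTime]::FromFileTime($ft) }
    }

    $before = Get-ADUser -Identity $Identity -Properties $props
    if ($before.PasswordNeverExpires) {
        Write-Warning "$($before.SamAccountName) has Password Never Expires set; nothing to extend."
        return
    }

    if ($PSCmdlet.ShouldProcess($before.DistinguishedName, 'Reset pwdLastSet to current time')) {
        # Steps 4 and 5 from the article: write 0 first, then -1.
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = 0 }
        Set-ADUser -Identity $before -Replace @{ pwdLastSet = -1 }

        $after = Get-ADUser -Identity $before -Properties $props

        # Emit a record suitable for a change ticket or audit log.
        [pscustomobject]@{
            User             = $after.SamAccountName
            ChangedBy        = "$env:USERDOMAIN\$env:USERNAME"
            PwdLastSetBefore = & $toDate $before.pwdLastSet
            PwdLastSetAfter  = & $toDate $after.pwdLastSet
            ExpiryBefore     = & $toDate $before.'msDS-UserPasswordExpiryTimeComputed'
            ExpiryAfter      = & $toDate $after.'msDS-UserPasswordExpiryTimeComputed'
        }
    }
}

# Dry run first, then apply ('jdoe' is a constructed sample account name).
Reset-AdPasswordAge -Identity 'jdoe' -WhatIf
Reset-AdPasswordAge -Identity 'jdoe'
```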