It’s particularly irritating when security people who have a limited grasp of security set password rules in your domain that force you to change your password way too frequently. It’s even worse when it remembers a history of passwords that you cannot reuse. I am not condoning never changing your password, but a very complex/long password you can remember and use for a longer period of time is far superior to difficult to remember passwords you are forced to create and change frequently.
If you have admin privileges (or know someone who does that is willing to help you), you can get around the time requirements by changing the lastpwddate
field to 0
, then wait 15 or so minutes for the change to propagate across the domain (because windows domains don’t do serialized/timestamped changes apparently), and then change it to -1
. This will reset the timer as if you had changed your password without actually changing the password.
Another method is via PowerShell. I have not tested this script personally (I don’t do Windows), but one of my admins for my work account has used this for me with success:
$ErrorActionPreference = "stop"
Write-Host "`n"
Write-Host "This script will reset the pwdlastset attribute for the user provided to today's date."
Write-Host "`n"
Write-Host "You will be prompted for the Username and Domain for the User and lastly for credentials."
Write-Host "When you are prompted for credentials include the domain name. EXAMPLE Domain\Username "
Write-Host "`n"
$User = Read-Host -Prompt 'Input the user name (Do not include domain)'
$Domain = Read-Host -Prompt 'Input the user domain name'
Write-Host "`n"
Write-Host "Enter Admin Credential of User's Domain"
$credential = Get-Credential
$dc = (get-addomain $domain).PDCEmulator
$usr = get-aduser -server $dc -identity $User -Properties pwdlastset
Set-ADUser -server $dc -Identity $usr.SamAccountNAme -Replace @{pwdlastset="0"} -Credential $credential
Write-Host "This will take one minute to update.. Please wait."
Start-Sleep -Seconds 61
Set-ADUser -server $dc -Identity $usr.SamAccountNAme -Replace @{pwdlastset="-1"} -Credential $credential
Write-Host "Update Complete! It may take up to 15 minutes to replicate to all of the Domain Controllers" -ForegroundColor Green