Windows - Local User Management


I am trying to implement a script/utility that renames a user, sets a default password, and then will prompt the user to change their password on their initial logon in Windows Server 2003. I am able to accomplish the first 2 items but not the third. Specifically, I want the user to encounter the Windows dialog box that states the following: "you are required to change your password at first logon". Then it takes them to the "Change Password" dialog box, which has an OK and Cancel button. If they hit Cancel, they are taken to the initial login screen.

I implemented the code below to try to accomplish this. The behavior I am getting instead is that the user is given a dialog box that states that the password has expired and must be changed, and is prompted to do so. However, the user can simply click Cancel, and the user is logged in. The utility is scripted in C#, but I am open to another language if it makes things easier.

using System;
using System.DirectoryServices;

// Bind to the local SAM through the WinNT ADSI provider
DirectoryEntry directory = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry userEntry = directory.Children.Find("defaultUsername");
userEntry.Rename("theUser");
userEntry.Invoke("SetPassword", new object[] { "defaultPassword" });
userEntry.Properties["PasswordExpired"].Value = 1;
// 0x800201 = ADS_UF_PASSWORD_EXPIRED (0x800000) | ADS_UF_NORMAL_ACCOUNT (0x200) | ADS_UF_SCRIPT (0x1)
userEntry.Properties["UserFlags"].Value = 0x800201;
userEntry.CommitChanges();

There are 2 answers

BentOnCoding On

userEntry.Properties["PasswordExpired"].Value = 0;

I think that's the issue.

SGarratt On

You can't use UserFlags 0x800000 to set a password as expired - see here. Using PasswordExpired = 1 should be sufficient. Did you try this with UserFlags = 0x201?
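The following is an added example, not code from the question or either answer. It applies SGarratt's suggestion (PasswordExpired = 1 together with a UserFlags value that does not contain 0x800000) to the rename-and-reset flow from the question, replaces the shared "defaultPassword" with a per-account random initial password, clears the "Password never expires" flag (which overrides a must-change-at-next-logon setting if it happens to be set on the account), and reads the account back after CommitChanges to verify what was actually stored. The account names come from the command line, the 16-character password policy is an assumption, and the constants are the ADS_USER_FLAG_ENUM values exposed by the WinNT provider.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Cryptography;
using System.Text;

static class ForceChangeAtNextLogon
{
    // ADS_USER_FLAG_ENUM values as exposed through the WinNT provider's UserFlags
    const int ADS_UF_SCRIPT = 0x0001;               // present on every WinNT account
    const int ADS_UF_NORMAL_ACCOUNT = 0x0200;       // ordinary user account
    const int ADS_UF_DONT_EXPIRE_PASSWD = 0x10000;  // "Password never expires"
    const int ADS_UF_PASSWORD_EXPIRED = 0x800000;   // do not try to set this through UserFlags

    // Per-account random initial password (assumed policy: 16 characters drawn from
    // a 66-symbol alphabet without look-alike characters). Rejection sampling keeps
    // the draw unbiased: bytes >= 198 (66 * 3) are discarded instead of reduced mod 66.
    static string NewInitialPassword(int length)
    {
        const string alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!#$%&*+-=?@";
        int limit = alphabet.Length * (256 / alphabet.Length);
        var sb = new StringBuilder(length);
        var buf = new byte[1];
        using (var rng = new RNGCryptoServiceProvider())
        {
            while (sb.Length < length)
            {
                rng.GetBytes(buf);
                if (buf[0] < limit)
                    sb.Append(alphabet[buf[0] % alphabet.Length]);
            }
        }
        return sb.ToString();
    }

    // Renames the account, sets the initial password and marks it as must-change.
    // Returns true only if the re-read account shows PasswordExpired = 1 and no
    // conflicting flags.
    static bool Apply(string currentName, string newName, string initialPassword)
    {
        using (var computer = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        using (var user = computer.Children.Find(currentName, "user"))   // "user" avoids matching a group of the same name
        {
            user.Rename(newName);
            user.Invoke("SetPassword", new object[] { initialPassword });

            int flags = (int)user.Properties["UserFlags"].Value;
            // "Password never expires" wins over "must change at next logon", so clear it,
            // and leave the expired bit alone: PasswordExpired is the switch for that.
            flags &= ~(ADS_UF_DONT_EXPIRE_PASSWD | ADS_UF_PASSWORD_EXPIRED);
            flags |= ADS_UF_SCRIPT | ADS_UF_NORMAL_ACCOUNT;                // i.e. 0x201
            user.Properties["UserFlags"].Value = flags;
            user.Properties["PasswordExpired"].Value = 1;
            user.CommitChanges();

            // Re-read from the SAM rather than trusting the local property cache.
            user.RefreshCache();
            int stored = (int)user.Properties["UserFlags"].Value;
            bool mustChange = Convert.ToInt32(user.Properties["PasswordExpired"].Value) != 0;
            bool neverExpires = (stored & ADS_UF_DONT_EXPIRE_PASSWD) != 0;
            return mustChange && !neverExpires;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: ForceChangeAtNextLogon <currentName> <newName>");
            return 2;
        }
        string initial = NewInitialPassword(16);
        bool ok = Apply(args[0], args[1], initial);
        Console.WriteLine("{0} -> {1}: must change at next logon = {2}", args[0], args[1], ok);
        // The initial password is for the operator to hand over out of band; do not
        // redirect this output into a log file.
        Console.WriteLine("initial password: " + initial);
        return ok ? 0 : 1;
    }
}
```

Run it as an administrator on the target machine, e.g. `ForceChangeAtNextLogon.exe defaultUsername theUser`. The verification step at the end is the part worth keeping even if the rest is adapted: a commit that silently leaves "Password never expires" set, or that stores an unexpected UserFlags value, is exactly the kind of failure that otherwise only shows up when a user is able to cancel past the change-password prompt.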