I am trying to use the pwdlastset to change first to a 0 and then to a -1

basically I have a bunch of users who had password never expires.  We sent out emails over the last couple of weeks asking them to reset passwords and then we would remove the password never expires so that they are not locked out.

What happened next is that many didnt do anything.  I was then assigned the task of going into the attribute editor manually and goign to pwdlastset and chang it to 0 and then to -1 and after that going in and removing the password never expires so the users are logged out.

this task is taking alot of time manually and I figured I might be able to automate parts of it but I find that I cannot evne use the PWDlastset 

----------------------------

Set-ADUser john.doe -properties pwdlastset = 0
Set-ADUser : A parameter cannot be found that matches parameter name 'properties'.
At line:1 char:27
+ Set-ADUser john.doe -properties pwdlastset = 0
+                           ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser

----------------------------

So basically I cannot even try to get started on figuring out a way to make this task less manual as I cannot get the main attribute to change in powershell.

thanks for the help

Hi,

Use -Replace:

http://ss64.com/ps/set-aduser.html

Hi Mike,

would you mind giving me an example?  I tried that and got an error as well:

----------------------

Set-ADUser john.doe -Replace pwdlastset = 0

Set-ADUser : Cannot bind parameter 'Replace'. Cannot convert the "pwdlastset" value
of type "System.String" to type "System.Collections.Hashtable".
At line:1 char:31
+ Set-ADUser john.doe -Replace pwdlastset = 0
+                               ~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-ADUser], ParameterBindingExc
   eption
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirecto
   ry.Management.Commands.SetADUser

----------------------

You have to use a hashtable.

-Replace @{pwdLast

great! that worked and it saves me time as I can run the PW cmdlet and then do up arrow change to -1 and run it again then I can just click on the name in ADUC and choose accounts and uncheck the password does not expire.

So its saving me time already.  (Reason being once you make a change in the attribute editor you have to close it out and then reopen it each time when doing this but you don't with powershell)

I have some academic questions for you.  I take my Python programming test Sunday, and I have been studying code for it.

In Python a hash table is actually called a dictionary but it uses the same {} hash tag brackets.

which equates to something like {"key": value}

Can I ask about the why that needed a hash table to work?  do you mind a short discussion on that with me to improve my understanding of hash table usage in power shell.

I want to figure out how to use the code I learn in power shell.  not really the python code but the loops and if statements and and some of that.  I know about variables in power shell but I would really like to learn how to use more concepts in power shell. 

That's probably a topic for another time.  I am almost done with my bachelor and once I have finished up then I can actually delve into power shell and not have to go home study other topics each night after work.

Anyway thanks for the assistance and I would love to hear more.  I need a mentor! hah