2019-01-31

how to enforce password change from Powershell?

At first I was thinking about how to set pwdLastSet to some old value? It is possible by:
$userObj = get-ADUser -Properties pwdLastSet
$userObj.pwdLastSet = 0
set-ADUser -instance $userObj
$userObj.pwdLastSet = -1
set-ADUser -instance $userObj

but it can set two possible values - never (0) and now (-1) - other values are invalid. When I tried to do it by:
$dt = Get-Date
$dt = $dt.AddDays(-70)
$userObj.pwdLastSet = $dt.ToFileTimeUTC()
set-ADUser -instance $userObj

Every time it was finished with error - the same is from Active Directory Users and Computers and from ADSIEdit. It is possible only from SYSTEM level.

For me - the only possible way how to do it is by preparation special kind of granullar password policy and connecting it with selected users.

2019-01-14

shared process lanmanserver stuck?

Windows 2008 Server and lanmanserver stuck. No errors, no warnings - just only stucked process. Process kill by:
taskkill /f /pid [pid]
is not working because I can't specify subprocess - I can kill all the subprocesses. I decided to config lanmanserver with its own process by:
sc config lanmanserver type= own
after restart it is much better - process is not stucked and it is working.