How to Extend Expired AD User Password

How to Extend Expired AD User Password

September 11, 2021 Active Directory PowerShell 0

Active directory account passwords expire set (for example, every 45 days) in most of the organisations. Configuring an AD account with Password Never Expires is not recommended due to security.

I came across the scenario to extend an active directory account’s current password expiration date without changing the password expiration policy.


Extend Expired AD User Password via GUI

Open Active Directory Users and Computers and select “Advanced Features“ under “View” tab.

Navigate to the Users account and select its properties

Locate the PwdLastSet attribute on the attribute tab

Double click pwdlastset to open this attribute and set to 0.  Click OK and Apply.

Again, open back up the pwdlastset attribute and set it to -1.  Click OK and Apply.


Extend Expired AD User Password via Power Shell

Open Powershell as Administrator with Active Directory Access,

Execute below sequence of command.

Set-ADUser -Identity username -Replace @{pwdlastset=”0″}

Set-ADUser -Identity username -Replace @{pwdlastset=”-1″}


Now, The Password has been reset to the current date & time.

 2,897 total views,  4 views today

Leave a Reply

Your email address will not be published. Required fields are marked *