AD Property to turn off User Must Change Password at next Logon

Frost, John 1 Reputation point
2021-03-04T16:05:10.86+00:00

Forgive the duplicate post, but I cannot seem to find the original information anywhere.

I am using ADSelfServicePlus as a solution for my end users to do their own self-service account requests. Previously the service had domain admin privilege's so we wanted to lock that down by downgrading to a less permissive account. The problem is that when a user unlocks their account it automatically checks the option for User Must Change Password at Next Logon, which pretty much leaves them stuck until one of us can get to them to uncheck that box. Keep in mind that we are still working in a remote environment so there is no way for the end user to change their password once that option is checked and get through VPN.

I know I was able to resolve this many years ago through a specific, and obscurely named, property when delegating access to a help desk operator to perform the same task. I can just no longer find the articles that specified what that permission was. Support says it is an AD issue/setting, and I'm inclined to agree. Does anyone recall what this setting is? I am aware of the ADSI edit option, but we don't want to have to do that for everyone and keep up with doing it when new users come onboard.

TIA!

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,182 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Frost, John 1 Reputation point
    2021-03-04T18:47:55.24+00:00

    I believe I finally found the answer I was looking for. While not exactly as I remember it, the last time I did this was in AD 2003, but close enough that the information in the article here solved my issue.

    https://www.itprotoday.com/compute-engines/jsi-tip-6009-how-i-delegate-right-force-user-change-password-next-logon

    0 comments No comments

  2. Daisy Zhou 20,876 Reputation points Microsoft Vendor
    2021-03-05T03:27:46.343+00:00

    Hello @Frost, John ,

    Thank you for posting here.

    Thank you for your update and sharing. I am very glad that the problem has been solved.

    As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!

    Have a nice day!

    Best Regards,
    Daisy Zhou

    0 comments No comments