Update Microsoft Active Directory.ps1

msheldont4e · msheldont4e · commit 86653dda5a3b · 2025-08-27T05:50:18.000-08:00
- Preserve ChangePasswordAtNextLogon flag when setting password. But still allow it to be overridden in mapping
diff --git a/Microsoft Active Directory.ps1 b/Microsoft Active Directory.ps1
@@ -1574,7 +1574,22 @@ function Set-ADObject-ADSI {
 
             'AccountPassword' {
                 try {
+                    # Retrieve current ChangePasswordAtNextLogon
+                    if ($dirent.Properties["pwdLastSet"][0] -is [System.__ComObject]) {
+                        $ChangePassword = ConvertFrom-ADLargeInteger $dirent.Properties["pwdLastSet"][0]
+                    }
+                    else {
+                        $ChangePassword = $dirent.Properties["pwdLastSet"][0]
+                    }
+
+                    # Update Password
                     $dirent.Invoke('SetPassword', $Properties[$p]) >$null
+
+                    # Preserve ChanagePasswordAtNextLogon Flag
+                    $val = if ($ChangePassword -eq 0) { 0 } else { -1 }
+
+                    $dirent.Properties['pwdLastSet'].Clear()
+                    $dirent.Properties['pwdLastSet'].Add((ConvertTo-ADLargeInteger $val)) >$null
                 } catch {
                     Get-ADSIError
                     throw $_
