问题
as noted in this question, it resets the users password age to zero, but how?
pwLastSet attribute still displays the old date.
Is there another attribute?
Is it better to just reset pwLastSet value to current date?
回答1:
I know this question is old, but the source code is available now, so you can see exactly what it does.
In short, it calls ADStoreCtx.UnexpircePassword(), which sets pwdLastSet to -1. At least that's what it does now. Who knows if it's been changed since 2014.
Here's the relevant code:
/// <summary>
/// Unexpire password by setting pwdLastSet to -1
/// </summary>
/// <param name="p"></param>
internal override void UnexpirePassword(AuthenticablePrincipal p)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "UnexpirePassword");
Debug.Assert(p.fakePrincipal == false);
WriteAttribute(p, "pwdLastSet", -1);
}
From here: https://github.com/dotnet/corefx/blob/a1746a74091c4427890078eb817f7f4ee8423304/src/System.DirectoryServices.AccountManagement/src/System/DirectoryServices/AccountManagement/AD/ADStoreCtx.cs#L958
来源:https://stackoverflow.com/questions/22206479/what-does-userprincipal-refreshexpiredpassword-update