Resetting pwdLastSet Attribute in Active Directory

This is useful if you have a number of users whose passwords are set to not expire, and you then decide that they do need to expire. If you simply untick the “Password doesn’t expire” attribute, they will be made to change their password straight away, because the “pwdLastSet” date will be from when the user was first set up.

This trick will set the “pwdLastSet” date to today so that they have some warning before being told to reset their password.

First of all, make sure that you have “Advanced Features” turned on from the “View” menu.

Now find the user that you want to reset the value for and edit their properties. Navigate to the “Attribute Editor” tab and scroll down until you see the “pwdLastSet” attribute.

Edit the value to be “0”; this means that the value has never been set. See screenshot below.

Changed to 0

Now click OK on all of the boxes until the user’s properties window has closed. Now reopen the user’s window, go back to the “Attribute Editor” tab and change pwdLastSet to “-1”. See screenshot below:

Changed to -1

Now press OK on all the boxes until the user’s properties window has closed. Now when you check the pwdLastSet attribute it will be set to the current date.

Hope this helped you, enjoy!

Linux New Users Form

Following on from my recent upload on Linux scripting, I have yet again created a BASH script to make my Linux’ing life easier. This is also my second script created in BASH, so I guess I’ve accomplished something by not running for the hills…

What I needed was a script to make creating FTP users easier on my CentOS box. Below is a list of things I needed the script to accomplish:

  • Get a username from a user prompt
  • Get a Description from a user prompt
  • Create the new user
  • Change the user’s password
  • Add the username to /etc/vsftpd.userlist
  • Add the username to /etc/vsftpd/chroot_list
  • Make a directory in the home folder of the user called “ftp”
  • Change the permissions and ownership on this directory
  • Make a directory in the “ftp” folder called “files”
  • Change the permissions and ownership on this directory
  • Ask the user to create a share or not
  • Get a share name from user prompt
  • Make a directory in the user’s “files” folder with the same name as the share name
  • Mount the share to the “files” directory
  • Ask if the new user is the owner of the share
    • if so then change the ownership and permissions on the share
    • if not then just change the permissions on the share
  • Finish

Here is my script for achieving these goals:

#!/bin/bash
# Creating new FTP users (run as root)

## Gathering variables
echo "Enter a username"
read -r Username

echo "Enter a description"
read -r Description

# Create the user with a home directory, then set the password interactively
useradd -m -c "$Description" -s /bin/bash "$Username"

passwd "$Username"

# Add the user to the vsftpd user list and chroot list
echo "$Username" | tee -a /etc/vsftpd.userlist
echo "$Username" | tee -a /etc/vsftpd/chroot_list

# "ftp" directory: owned by nobody and not writable
mkdir "/home/$Username/ftp"
chown nobody:nobody "/home/$Username/ftp"
chmod a-w "/home/$Username/ftp"

# "files" directory: owned by the user and private to them
mkdir "/home/$Username/ftp/files"
chown "$Username:$Username" "/home/$Username/ftp/files"
chmod 0700 "/home/$Username/ftp/files"

read -r -p "Create a share? [yn]: " CreateShare
if [[ $CreateShare = y ]] ; then

 read -r -p "Enter a share name: " ShareName

 # New share: create it, then bind-mount it into the user's "files" directory
 mkdir "/home/$Username/ftp/files/$ShareName"
 mkdir -p "/home/shares/$ShareName"
 mount --bind "/home/shares/$ShareName" "/home/$Username/ftp/files/$ShareName"
elif [[ $CreateShare = n ]] ; then
 read -r -p "Enter the pre-existing share name: " ShareName
 mkdir "/home/$Username/ftp/files/$ShareName"
 if [ -d "/home/shares/$ShareName" ] ; then
  echo "Mounting share"
  mount --bind "/home/shares/$ShareName" "/home/$Username/ftp/files/$ShareName"
 else
  echo "Cannot find the share name : $ShareName"
 fi
else
 echo "Not a y or n"
fi

# Only change ownership and permissions if a share was named and it exists;
# with an empty ShareName the chmod would otherwise hit /home/shares/ itself
if [[ -n $ShareName && -d /home/shares/$ShareName ]] ; then
 read -r -p "Is $Username the owner of this share? [yn]: " ShareOwner
 if [[ $ShareOwner = y ]] ; then
  chown "$Username:$Username" "/home/shares/$ShareName"
  chmod 0775 "/home/shares/$ShareName"
 else
  echo "$Username is not the owner of $ShareName"
  chmod 0775 "/home/shares/$ShareName"
 fi
fi

echo "Finished creating user : $Username"

Hopefully somebody gains something from this, probably not though. Enjoy!
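
The script above runs as root and puts the typed username and share name straight into paths and into the vsftpd list files. As an added example (not part of the original script; the helper names and the 32-character limit are assumptions), these helpers restrict such names to a safe character set and append to a list file without duplicating entries:

```bash
#!/bin/bash
# Added example, not the author's script; helper names are assumptions.

# True only for a name that is safe both as a login name and as a single
# path component: starts with a-z or "_", then a-z, 0-9, "_" or "-",
# at most 32 characters. Rejects "", "..", "a/b", spaces and "-rf".
valid_name() {
    local LC_ALL=C          # keep the a-z ranges independent of the locale
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Append a name to a list file only if that exact line is not already there,
# so re-running the script does not duplicate entries.
add_unique_line() {
    local name=$1 file=$2
    grep -qxF -- "$name" "$file" 2>/dev/null || printf '%s\n' "$name" >> "$file"
}

# Prompt (on stderr) until the answer passes valid_name, then print it.
# Returns 1 if input ends before a valid name was given.
prompt_name() {
    local answer
    while printf '%s: ' "$1" >&2 && read -r answer; do
        if valid_name "$answer"; then
            printf '%s\n' "$answer"
            return 0
        fi
        echo "Invalid name: use a-z, 0-9, _ or -, 32 characters at most" >&2
    done
    return 1
}

# Usage inside the user-creation script:
#   Username=$(prompt_name "Enter a username") || exit 1
#   add_unique_line "$Username" /etc/vsftpd.userlist
```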

Linux Mounting Script

Recently I have set up a VSFTPD CentOS 7 server and chrooted all the local users to their home directory. *If you know what that means $YourPoints = $YourPoints + 5*

But whenever the system was rebooted, or for any other reason that I don’t fully understand yet, the mounts from the shares to the users’ home directories would get lost. Because the users were chrooted into their home directories, I couldn’t use symbolic or hard links. Instead I had to use the:

mount --bind

option to make the mount accessible to the chrooted users.

The mounts kept getting lost, and I had grown tired of the users complaining that they couldn’t access the share. It was also taking too long to manually remount all the shares, let alone find out which ones had become disconnected before the users started to complain. So I created a script to check and ask me if I wanted to mount the share.

Just so you know, this is my first time scripting in BASH and I only did it because of my short-lived love with Linux. Below is an example of the code in my script; I basically created one of these functions for each user:

# TESTING USER3
# mountpoint -q is silent and returns 0 only if the path is a mountpoint
if mountpoint -q /home/user3/ftp/files/share ; then
 echo "user3 is mounted"
else
 echo "user3 is not mounted"
 read -r -p "Do you want to mount share? (y or n):" REPLY
 if [[ $REPLY = y ]] ; then
  mount --bind /home/shares/share/ /home/user3/ftp/files/share
 fi
fi

This way all I have to do is run this script and it will mount all of the shares for me. Let me know if there is an easier way to do this or if I’m missing something obvious. Enjoy!
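
One way to avoid a separate block per user, as an added example rather than the author's script: keep the bind mounts in a table file, report or remount the missing ones from it, and print matching /etc/fstab entries so the binds are recreated at boot. The table format, its path and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script. Table format is an assumption:
# one "<source> <mountpoint>" pair per line, "#" starts a comment line,
# and paths contain no whitespace.

# Print the usable "source target" pairs from the table file $1.
read_binds() {
    local src dst
    while read -r src dst; do
        case $src in ''|'#'*) continue ;; esac
        [ -n "$dst" ] || continue        # skip lines without a target
        printf '%s %s\n' "$src" "$dst"
    done < "$1"
}

# Print every target in the table that is not currently a mountpoint.
missing_binds() {
    read_binds "$1" | while read -r src dst; do
        mountpoint -q "$dst" || printf '%s\n' "$dst"
    done
}

# Print /etc/fstab lines that recreate the binds at boot.
fstab_lines() {
    read_binds "$1" | while read -r src dst; do
        printf '%s %s none bind 0 0\n' "$src" "$dst"
    done
}

# Bind-mount whatever is missing; exit status is non-zero if a mount failed.
remount_missing() {
    read_binds "$1" | (
        rc=0
        while read -r src dst; do
            mountpoint -q "$dst" && continue
            echo "mounting $src on $dst"
            mount --bind "$src" "$dst" || rc=1
        done
        exit "$rc"
    )
}

# Usage (as root), with a hypothetical table path:
#   remount_missing /etc/ftp-binds.list
```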