It has affected on a very small numbers of computer in a very large pool, so it is not a huge problem, but one I would like to solve if possible so that I have an option other than reimaging the computer. I tried solving the issue of computer not updating their 'pwd Last Set' attribute by deleting their computer accounts in AD, recreating it, moving the computer to a workgroup & then rejoining the domain, but this did not work.
But this just throws and exception whenever the password has expired instead of changing the pwdlastset value.
We have succeeded in making this happen but are running into testing challenges.
We would like to be able to write test scripts to verify that account and password expiration logic is working correctly.
Update 17/03/2016: Added a download link for the script.
I had a requirement to change some of our AD accounts so that the password expired as per our company policy.