Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Need a way to set ALL Users to "Must Change Password on next login" 1

Status
Not open for further replies.
appelq

appelq

IS-IT--Management
Dec 28, 2004
72
0
6
US
We have Windows Server 2003 with active direcotry and most all users are setup that "Password Never Expires".
We've recently had a security issue, and I want to set all of the User accounts to force them to change their Password on next login.
Is there a way to do that with a script or query?
I'm thinking I need the query to do 2 things:
1. Uncheck the "Password Never Expires" option
2. Check the "User must change password on next login"

I heard I might be able to do that with an Active directory query manager script, but I am a novice.
 
Sort by date Sort by votes
You can just highlight multiple users at once, right-click, properties, and change them all at once that way.

Thanks,
Andrew

[medal] Hard work often pays off over time, but procrastination pays off right now!
 
Upvote 0 Downvote
running win server 2003, in active directory, I tried highlighting a few multiple users and when I right click, there is no option to modify properties.
also - I have my users organized by department. We have 50+ departments, and there's not an easy way to highlight ALL users at once.

I will download and checkout ADMofify. Sounds like a good tool.

Thanks!
 
Upvote 0 Downvote
One thing I don't like about the MS solution is it does not allow you to exclude service accounts.

The Admin Script Pack has a script to do this and allows you to set exclusion accounts. You can also specify a "time since last change" so you don't have to force someone to change a PW if they did within the past 3 days or whatever value you set.



I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
That's true, but your service accounts should be outside the user OU and the set a base DN on the dsquery.

However, VBScript is much more elegant way to go about it though. As you said, you can then check the last time of change. People hate changing passwords too often.
 
Upvote 0 Downvote
It really all depends on the size of the organization too I suppose. I've had to tackle this in orgs with thousands of users spread across tons of OUs. Targeting a single OU is likely only helpful in a smaller organization.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
90
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
106
microsGuy16
microsGuy16
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
73
hairlessupportmonkey
hairlessupportmonkey
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
143
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
51
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top