Change "Password Never Expires" In AD for all users

Discussion in 'Windows Server' started by Brady Snow, Dec 6, 2004.

  1. Brady Snow

    Brady Snow Guest

    I was enformed the other day that we were going to start enforcing a password
    policy in Windows 2000. I have got the Domain Policy setup. There are
    serveral useer in the domain that have their passwords set to never expire.
    How can I change all users with this set to now expire so I can enforce this
    password policy. If I need to run a script maybe someone could point me in
    the right direction.

    In summary: Write a script that will query each user to determine if their
    “PasswordNeverExpires†flag is set. If it is, you must reset it.

    Many thanks!!

    Brady Snow
    Brady Snow, Dec 6, 2004
    1. Advertisements

  2. Brady:

    You can do this using the DSQUERY and DSMOD commands.

    Use DSQUERY to select the users you want, and then pipe them into DSMOD.

    Here is an example which selects all users with passwords older than 30
    days in an OU and sets the password never expires flag on each one. You
    can modify this to suit your situation:

    DSQUERY user "OU=Employees,DC=Contoso,DC=Com" -stalepwd 30 | DSMOD user
    -pwdneverexpires no

    Type DSQUERY /? and DSMOD /? for more options.

    Matt Wagner
    Enterprise Engineering Center
    Microsoft Corporation

    Legal Disclaimer:
    This posting is provided "AS IS" with no warranties, and confers no
    rights. Use of included script samples are subject to the terms
    specified at Please do not
    send e-mail directly to this alias. This alias is for newsgroup purposes
    Matt Wagner [MSFT], Dec 6, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.