Force all domain users to change their password.

Discussion in 'Windows Server' started by Julian, Nov 24, 2005.

  1. Julian

    Julian Guest

    How can I do this on a Windows2003 domain with XP & 2000 clients?
    Julian, Nov 24, 2005
    1. Advertisements

  2. Julian

    Todd J Heron Guest

    If you are using Windows 2003 you can highlight and select multiple users at
    once in AD Users & Computers, right-click and choose Properties, Account
    tab, check the box "User must change password at next logon". This
    obviously allows you to change this on all selected users at once. As an
    alternative method, you can also do this using VBScript and WMI, exporting a
    list of users and then use the following code to script against it:

    ' This VBScript code sets the flag that requires a user to change their
    ' ---------------------------------------------------------------
    ' From the book "Active Directory Cookbook" by Robbie Allen
    ' Publisher: O'Reilly and Associates
    ' ISBN: 0-596-00466-4
    ' Book web site:
    ' ---------------------------------------------------------------
    ' ------ SCRIPT CONFIGURATION ------
    strUserDN = "<UserDN>" ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
    ' ------ END CONFIGURATION ---------

    set objUser = GetObject("LDAP://" & strUserDN)
    objUser.Put "pwdLastSet", 0
    WScript.Echo "User must change password at next logon: " & strUserDN

    Firther reference:
    Todd J Heron, Nov 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.