Re: Change Pswrd at Next Log on

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 19 Jun 2008 09:24:25 -0500

---

"BluesHead" <nospam@xxxxxxxxx> wrote in message
news:OxAWsEg0IHA.1772@xxxxxxxxxxxxxxxxxxxxxxx

Hi Folks,

I have a need to change all user accounts within a certain OU to "User
must change password at next logon"

I was hoping that some one of you may have a script that I could modify
that might perform this for me. I do know that wildcards for cn do not
work with DSMOD and that there may be a way to pipe in the cn from a
DSQUERY.

Not overly familiar with either comand so would appreciate any help with
this.

Many thanks in advance.

BluesHead.

You need to assign 0 to the pwdLastSet attribute for all users in the OU. A
VBScript example:
=====
Option Explicit
Dim objOU, objUser

' Bind to the OU object, using Distinguished Name of OU.
Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com";)

' Filter on user objects.
objOU.Filter = Array("user")

' Enumerate users.
For Each objUser In objOU
' Expire the password.
objUser.pwdLastSet = 0
' Save changes.
objUser.SetInfo
Next
======
You can also use Joe Richards' free command line utilities, adfind and
admod, for this. I think the syntax would be (watch line wrapping, this is
one line):

adfind -b "ou=West,dc=MyDomaind,dc=com" -f
"(&(objectCategory=person)(objectClass=user))" -dsq | admod "pwdLastSet::0"

Check the syntax on his web site and download the tools:

http://www.joeware.net/freetools/index.htm

Something similar might be possible with dsquery and dsmod. If so, you must
pipe the Distinguished Names (DN's) of all users in the OU from dsquery to
dsmod. The filter will be the same,
"(&(objectCategory=person)(objectClass=user))", the base will be the DN of
the OU. Again, the attribute is pwdLastSet and you want to assign 0 to
expire the password.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

---

• Follow-Ups:
  • Re: Change Pswrd at Next Log on
    • From: Richard Mueller [MVP]

• References:
  • Change Pswrd at Next Log on
    • From: BluesHead

• Prev by Date: Change Pswrd at Next Log on
• Next by Date: Re: Change Pswrd at Next Log on
• Previous by thread: Change Pswrd at Next Log on
• Next by thread: Re: Change Pswrd at Next Log on
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Change Pswrd at Next Log on ... I think the syntax would be (watch line wrapping, ... Something similar might be possible with dsquery and dsmod. ... Richard Mueller ... (microsoft.public.win2000.active_directory) Re: reset password ... You could also put something together with dsquery and dsmod. ... Joe Richards Microsoft MVP Windows Server Directory Services ... (microsoft.public.windows.server.active_directory) Re: Change "Password Never Expires" In AD for all users ... Use DSQUERY to select the users you want, and then pipe them into DSMOD. ... Use of included script samples are subject to the terms ... I have got the Domain Policy setup. ... (microsoft.public.windows.server.general) Re: Group password reset ... You can use dsquery to pipe the results to dsmod. ... best to try out on a couple test accounts first. ... (microsoft.public.security) Re: AD Tool? ... 2003 you can logon to that computer as a domain admin ... You can pipe the results from dsquery over to dsmod to find and change a group ... > Does anyone know of a good AD tool to configure multiple users at the same ... (microsoft.public.win2000.group_policy)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2008-06