Re: password never expires script
- From: Jerome <Jerome@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Oct 2005 11:00:03 -0700
THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU,
THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU,
THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU.
"Steven L Umbach" wrote:
> You can not use block inheritance to keep password/account policy from being
> applied to domain users. You can however configure the accounts with
> password never expires if that works for you. If you have a Windows 2003
> domain controller you can do all the user accounts at one time by
> highlighting them all, selecting properties - account. If you do not have a
> Windows 2003 domain controller you can install adminpak for Windows 2003
> [free download from MS] on an XP Pro domain computer, logon as a domain
> administrator and use the Active Directory command line tools [VERY handy]
> to do what you want using dsquery and piping the results to dsmod. Below is
> an example of what command to use and what it shows. Of course you need to
> substitute your domain name and OU name. You may have a problem if any
> account is configured with must change password at next logon. But you
> could use the same command below except substitute -mustchpwd no
> or -pwdneverexpires yes and run that command first. --- Steve
>
> F:\Documents and Settings\administrator.UMBACH1.>dsquery user
> OU=west,dc=umba
> h1,dc=com | dsmod user -pwdneverexpires yes
> dsmod succeeded:CN=john,OU=west,DC=umbach1,DC=com
> dsmod succeeded:CN=joe,OU=west,DC=umbach1,DC=com
> dsmod succeeded:CN=roger,OU=west,DC=umbach1,DC=com
> dsmod succeeded:CN=fox,OU=west,DC=umbach1,DC=com
> dsmod succeeded:CN=fred,OU=west,DC=umbach1,DC=com
>
>
> "Jerome" <Jerome@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:A605825A-39B7-42C9-8B14-DF3295C277C1@xxxxxxxxxxxxxxxx
> > Hello,
> >
> > Due to a new merger in my org, some new users are not yet joined to the
> > domain so they get no notification prior to when Group Policy applies
> > password age policy on all users. This throws them out of exchange and I
> > have
> > to reset passwords for about 3000 users every 31 days (i have a vbs script
> > for this).
> >
> > Due to company policy and security reasons, I don't want to disable the
> > password age policy in GP. I moved all the new users to an OU and created
> > a
> > new GP for them then enabled "block inheritance" but I also want a script
> > that will enable password never expires for these users.
> >
> > I checked the scripter page in technet but could not get the applicable
> > LDAP
> > script or ldifde, pls assist. <Exchange 2003 in Active Directory
> > Environment>.
> >
>
>
>
.
- Follow-Ups:
- Re: password never expires script
- From: Steven L Umbach
- Re: password never expires script
- References:
- Re: password never expires script
- From: Steven L Umbach
- Re: password never expires script
- Prev by Date: Re: Event ID 1030 & 40961
- Next by Date: are these deleted accounts?
- Previous by thread: Re: password never expires script
- Next by thread: Re: password never expires script
- Index(es):
Relevant Pages
|
