Re: password never expires script
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 13 Oct 2005 11:37:33 -0500
You are welcome! --- Steve
"Jerome" <Jerome@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2D0E81DD-B8D6-4229-8691-F23456647E97@xxxxxxxxxxxxxxxx
> THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK
> YOU,
> THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK
> YOU,
> THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK YOU, THANK
> YOU.
>
> "Steven L Umbach" wrote:
>
>> You can not use block inheritance to keep password/account policy from
>> being
>> applied to domain users. You can however configure the accounts with
>> password never expires if that works for you. If you have a Windows 2003
>> domain controller you can do all the user accounts at one time by
>> highlighting them all, selecting properties - account. If you do not have
>> a
>> Windows 2003 domain controller you can install adminpak for Windows 2003
>> [free download from MS] on an XP Pro domain computer, logon as a domain
>> administrator and use the Active Directory command line tools [VERY
>> handy]
>> to do what you want using dsquery and piping the results to dsmod. Below
>> is
>> an example of what command to use and what it shows. Of course you need
>> to
>> substitute your domain name and OU name. You may have a problem if any
>> account is configured with must change password at next logon. But you
>> could use the same command below except substitute -mustchpwd no
>> or -pwdneverexpires yes and run that command first. --- Steve
>>
>> F:\Documents and Settings\administrator.UMBACH1.>dsquery user
>> OU=west,dc=umba
>> h1,dc=com | dsmod user -pwdneverexpires yes
>> dsmod succeeded:CN=john,OU=west,DC=umbach1,DC=com
>> dsmod succeeded:CN=joe,OU=west,DC=umbach1,DC=com
>> dsmod succeeded:CN=roger,OU=west,DC=umbach1,DC=com
>> dsmod succeeded:CN=fox,OU=west,DC=umbach1,DC=com
>> dsmod succeeded:CN=fred,OU=west,DC=umbach1,DC=com
>>
>>
>> "Jerome" <Jerome@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:A605825A-39B7-42C9-8B14-DF3295C277C1@xxxxxxxxxxxxxxxx
>> > Hello,
>> >
>> > Due to a new merger in my org, some new users are not yet joined to the
>> > domain so they get no notification prior to when Group Policy applies
>> > password age policy on all users. This throws them out of exchange and
>> > I
>> > have
>> > to reset passwords for about 3000 users every 31 days (i have a vbs
>> > script
>> > for this).
>> >
>> > Due to company policy and security reasons, I don't want to disable the
>> > password age policy in GP. I moved all the new users to an OU and
>> > created
>> > a
>> > new GP for them then enabled "block inheritance" but I also want a
>> > script
>> > that will enable password never expires for these users.
>> >
>> > I checked the scripter page in technet but could not get the applicable
>> > LDAP
>> > script or ldifde, pls assist. <Exchange 2003 in Active Directory
>> > Environment>.
>> >
>>
>>
>>
.
- References:
- Re: password never expires script
- From: Steven L Umbach
- Re: password never expires script
- From: Jerome
- Re: password never expires script
- Prev by Date: Re: Internet Explorer [WILDPACKET]
- Next by Date: Re: Local GP for just 1 user
- Previous by thread: Re: password never expires script
- Next by thread: Re: Event ID 1030 & 40961
- Index(es):
Relevant Pages
|
